vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: clarify WhatsApp group allowlist and reply mention behavior

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 09:19:27 +01:00
parent ad4c784f20
commit 9c2640a810
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/gateway/security/index.md
View File

@@ -301,6 +301,8 @@ OpenClaw has two separate “who can trigger me?” layers:
- `channels.whatsapp.groups`, `channels.telegram.groups`, `channels.imessage.groups`: per-group defaults like `requireMention`; when set, it also acts as a group allowlist (include `"*"` to keep allow-all behavior).
- `groupPolicy="allowlist"` + `groupAllowFrom`: restrict who can trigger the bot _inside_ a group session (WhatsApp/Telegram/Signal/iMessage/Microsoft Teams).
- `channels.discord.guilds` / `channels.slack.channels`: per-surface allowlists + mention defaults.
- Group checks run in this order: `groupPolicy`/group allowlists first, mention/reply activation second.
- Replying to a bot message (implicit mention) does **not** bypass sender allowlists like `groupAllowFrom`.
- **Security note:** treat `dmPolicy="open"` and `groupPolicy="open"` as last-resort settings. They should be barely used; prefer pairing + allowlists unless you fully trust every member of the room.
Details: [Configuration](/gateway/configuration) and [Groups](/channels/groups)