Security
Pairing is the first security gate for direct messages in OpenClaw. Unknown senders receive a short code and their message is not processed until approval[1]. This checklist helps you enforce it consistently.
Checklist Before You Go Live
- Set DM policy to
pairingon every external channel. - Audit pending pairing queue at least daily.
- Keep allowlists under versioned backup.
- Require explicit mention in group channels.
- Monitor logs for repeated unknown sender attempts[2].
Operational Commands
openclaw pairing list whatsapp
openclaw pairing list telegram
openclaw pairing approve whatsapp <CODE>
openclaw pairing reject telegram <CODE>Config Baseline
{
"channels": {
"whatsapp": { "dmPolicy": "pairing", "groupPolicy": "allowlist" },
"telegram": { "dmPolicy": "pairing", "groupPolicy": "allowlist" },
"signal": { "dmPolicy": "pairing", "groupPolicy": "allowlist" }
}
}Known Limits You Should Plan For
The pairing system caps pending requests per channel by default, so a flood of unknown senders can block new legitimate requests until approvals/rejections clear the queue[1]. Build an operator runbook for this.
Audit Pattern
openclaw channels status --probe
openclaw logs --follow
openclaw healthUse health + logs after policy changes to confirm the gateway still routes normally[3][4].
References
- OpenClaw Docs: Pairing - Accessed February 21, 2026
- OpenClaw Docs: Channel Troubleshooting - Accessed February 21, 2026
- OpenClaw Docs: CLI Channels - Accessed February 21, 2026
- OpenClaw Docs: CLI Health - Accessed February 21, 2026
- OpenClaw GitHub Repository - Accessed February 21, 2026
Reference Trail
External sources surfaced from the underlying article content
- OpenClaw Docs: Pairingdocs.openclaw.ai
- OpenClaw Docs: Channel Troubleshootingdocs.openclaw.ai
- OpenClaw Docs: CLI Channelsdocs.openclaw.ai
- OpenClaw Docs: CLI Healthdocs.openclaw.ai
- OpenClaw GitHub Repositorygithub.com