Requirements for stable permissions
- Same path: run the app from a fixed location (for OpenClaw,
dist/OpenClaw.app). - Same bundle identifier: OpenClaw’s bundle ID is
ai.openclaw.mac; changing it creates a new permission identity. - Signed app: unsigned or ad-hoc signed builds do not persist permissions.
- Consistent signature: use a real Apple Development or Developer ID certificate so the signature stays stable across rebuilds.
Accessibility grants for Node and CLI runtimes
Prefer granting Accessibility to OpenClaw.app, Peekaboo.app, or another signed helper with its own bundle identifier instead of a genericnode binary.
macOS TCC grants Accessibility to the code identity of the process it sees. If a Homebrew, nvm, pnpm, or npm workflow causes a shared node executable to receive Accessibility, any JavaScript package launched through that same executable may inherit GUI automation privileges.
Treat a node entry in System Settings as broad permission for that Node runtime, not as permission for one npm package. Avoid granting Accessibility to node unless you trust every script and package launched through that exact Node install.
If you accidentally granted Accessibility to node, remove that entry from System Settings -> Privacy & Security -> Accessibility. Then grant the signed app or helper that should own UI automation.
Recovery checklist when prompts disappear
- Quit the app.
- Remove the app entry in System Settings -> Privacy & Security.
- Relaunch the app from the same path and re-grant permissions.
- If the prompt still does not appear, reset TCC entries with
tccutiland try again. - Some permissions only reappear after a full macOS restart.
ai.openclaw.mac):
Files and folders permissions (Desktop/Documents/Downloads)
macOS may also gate Desktop, Documents, and Downloads for terminal/background processes. If file reads or directory listings hang, grant access to the same process context that performs file operations (for example Terminal/iTerm, LaunchAgent-launched app, or SSH process). Workaround: move files into the OpenClaw workspace (~/.openclaw/workspace) if you want to avoid per-folder grants.
If you are testing permissions, always sign with a real certificate. Ad-hoc builds are only acceptable for quick local runs where permissions do not matter.