Why does OpenClaw v2026.3.28 break the exec tool?

The update permanently removes exec capability from macOS nodes. The system.run.prepare command fails with 'node command not allowed', and downgrading does not restore functionality.

Can I fix the exec tool by downgrading OpenClaw?

No. Downgrading CLI and App back to v2026.3.24 does NOT restore exec functionality. The update appears to permanently change node pairing or exec-approval state.

What is the system.run.prepare error in OpenClaw?

After updating to v2026.3.28, nodes report 'node command not allowed: the node does not support system.run.prepare' even though exec is listed in node capabilities and permissions.

Is the v2026.3.28 exec regression related to previous tool breakages?

It follows a pattern — Issues #36994, #38987, and #34810 all report exec/tool breakages across different versions, suggesting a systemic fragility in OpenClaw's tool dispatch system.

What workaround exists for the v2026.3.28 exec bug?

Some users suggest downgrading to v2026.3.7 or re-enabling exec permissions manually via config. A community script exists that restores full exec access but removes the execution approval layer.

← Back to dashboard

clawsmith.com/signal/openclaw-v2026-3-28-exec-tool-permanently-broken

⚠ IssueUnknownFrameworkLive

OpenClaw v2026.3.28 Permanently Breaks Exec Tool — Downgrade Does Not Fix

Auto-update from v2026.3.24 to v2026.3.28 permanently removes exec capability from macOS nodes. system.run.prepare command fails with 'node command not allowed'. Downgrading CLI and App back to v2026.3.24 does NOT restore functionality. Part of a pattern of exec tool regressions across multiple versions.

Product Idea from this Signal

A sandbox environment that tests OpenClaw upgrades against your agents before they break production

3.2k ▲

Every OpenClaw release breaks something. v2026.3.22 broke the Dashboard and WhatsApp. v2026.3.2 silently disabled all agent tools. v2026.3.8 killed cron jobs and compaction. v2026.3.28 permanently broke the exec tool in a way that downgrading could not fix. Users discover these regressions after upgrading their production instance. There is no pre-upgrade testing, no rollback plan, and no way to know if a new version will break your specific configuration. This tool creates a sandboxed replica of your OpenClaw setup, runs the upgrade there first, executes your critical workflows against it, and gives you a pass/fail verdict before touching production.

DEVTOOLCLITESTINGSYSADMIN

Wide OpenView Opportunity →