openclaw-plugin-exec-grant 1.0.2 → 1.2.0

package/index.ts

@@ -1,14 +1,55 @@
 import { execFileSync } from "node:child_process";
-import { join } from "node:path";
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { homedir } from "node:os";
 
+const PLUGIN_ID = "openclaw-plugin-exec-grant";
 const SCRIPTS_DIR = join(__dirname, "skills", "exec-grant", "scripts");
+const APPROVALS_FILE = join(homedir(), ".openclaw", "exec-approvals.json");
 
-function runScript(name: string, args: string[] = []): string {
+const DEFAULT_ALLOWLIST = [
+  "ls",
+  "cat",
+  "head",
+  "tail",
+  "wc",
+  "grep",
+  "find",
+  "file",
+  "echo",
+  "printf",
+  "date",
+  "whoami",
+  "pwd",
+  "git status",
+  "git log",
+  "git diff",
+  "git show",
+  "node --version",
+  "npm --version",
+  "python3 --version",
+  "openclaw config get",
+  "openclaw message send",
+  "jq",
+  "sed",
+  "awk",
+  "sort",
+  "uniq",
+  "tr",
+  "cut",
+];
+
+function runScript(
+  name: string,
+  args: string[] = [],
+  env?: Record<string, string>,
+): string {
   const scriptPath = join(SCRIPTS_DIR, name);
   try {
     return execFileSync("bash", [scriptPath, ...args], {
       encoding: "utf-8",
       timeout: 30_000,
+      env: { ...process.env, ...env },
     }).trim();
   } catch (err: any) {
     const stderr = err.stderr?.toString().trim() || "";
@@ -17,7 +58,190 @@ function runScript(name: string, args: string[] = []): string {
   }
 }
 
+function ensureAllowlistBaseline(logger: any): void {
+  mkdirSync(dirname(APPROVALS_FILE), { recursive: true });
+
+  if (!existsSync(APPROVALS_FILE)) {
+    const baseline = {
+      agents: {
+        main: {
+          security: "allowlist",
+          allowlist: DEFAULT_ALLOWLIST,
+        },
+      },
+    };
+    writeFileSync(APPROVALS_FILE, JSON.stringify(baseline, null, 2) + "\n");
+    logger?.info(
+      `[exec-grant] Created ${APPROVALS_FILE} with allowlist baseline (${DEFAULT_ALLOWLIST.length} commands)`,
+    );
+    return;
+  }
+
+  // File exists -- check if security mode is set
+  try {
+    const data = JSON.parse(readFileSync(APPROVALS_FILE, "utf-8"));
+    const security = data?.agents?.main?.security;
+    if (!security) {
+      // Set security to allowlist without overwriting other fields
+      if (!data.agents) data.agents = {};
+      if (!data.agents.main) data.agents.main = {};
+      data.agents.main.security = "allowlist";
+      if (!data.agents.main.allowlist) {
+        data.agents.main.allowlist = DEFAULT_ALLOWLIST;
+      }
+      writeFileSync(APPROVALS_FILE, JSON.stringify(data, null, 2) + "\n");
+      logger?.info(
+        `[exec-grant] Set agents.main.security = "allowlist" in ${APPROVALS_FILE}`,
+      );
+    }
+  } catch {
+    // File exists but isn't valid JSON -- leave it alone
+    logger?.warn(`[exec-grant] Could not parse ${APPROVALS_FILE}, skipping baseline setup`);
+  }
+}
+
 export default function register(api: any) {
+  const logger = api.logger;
+  const pluginConfig = api.pluginConfig ?? {};
+
+  // --- Auto-create allowlist baseline ---
+  ensureAllowlistBaseline(logger);
+
+  // --- Startup guidance ---
+  const adminTarget = pluginConfig.adminTarget;
+  const channel = pluginConfig.channel;
+
+  if (!adminTarget || !channel) {
+    logger?.warn(
+      `[exec-grant] Plugin installed but not configured yet.\n` +
+        `  Run: openclaw exec-grant-setup\n` +
+        `  Or manually set in openclaw.json:\n` +
+        `    plugins.entries.${PLUGIN_ID}.config.adminTarget = "<target>"\n` +
+        `    plugins.entries.${PLUGIN_ID}.config.channel = "<channel>"`,
+    );
+  } else {
+    logger?.info(
+      `[exec-grant] Ready. Admin: ${adminTarget} via ${channel}. ` +
+        `Commands: /grant <min>, /revoke, /grant-status`,
+    );
+  }
+
+  // --- Interactive setup CLI command ---
+  api.registerCli(
+    ({ program, config }: any) => {
+      program
+        .command("exec-grant-setup")
+        .description("Configure the exec-grant plugin interactively")
+        .action(async () => {
+          // Dynamic import for prompts (clack is bundled with openclaw)
+          let prompts: any;
+          try {
+            prompts = await import("@clack/prompts");
+          } catch {
+            // Fallback: try readline
+            console.log("\n  exec-grant setup\n");
+            console.log("  Could not load interactive prompts.");
+            console.log("  Configure manually in openclaw.json:\n");
+            printManualConfig();
+            return;
+          }
+
+          prompts.intro("exec-grant setup");
+
+          const currentConfig =
+            config?.plugins?.entries?.[PLUGIN_ID]?.config ?? {};
+
+          const channelChoice = await prompts.select({
+            message: "Which messaging channel should approval requests use?",
+            options: [
+              { value: "whatsapp", label: "WhatsApp" },
+              { value: "telegram", label: "Telegram" },
+              { value: "slack", label: "Slack" },
+              { value: "discord", label: "Discord" },
+              { value: "signal", label: "Signal" },
+              { value: "msteams", label: "Microsoft Teams" },
+              { value: "matrix", label: "Matrix" },
+              { value: "other", label: "Other" },
+            ],
+            initialValue: currentConfig.channel || "whatsapp",
+          });
+
+          if (prompts.isCancel(channelChoice)) {
+            prompts.cancel("Setup cancelled.");
+            return;
+          }
+
+          let selectedChannel = channelChoice as string;
+          if (selectedChannel === "other") {
+            const custom = await prompts.text({
+              message: "Enter the channel name:",
+              placeholder: "nostr",
+            });
+            if (prompts.isCancel(custom)) {
+              prompts.cancel("Setup cancelled.");
+              return;
+            }
+            selectedChannel = custom as string;
+          }
+
+          const targetHint = getTargetHint(selectedChannel);
+          const target = await prompts.text({
+            message: `Admin contact (${targetHint.label}):`,
+            placeholder: targetHint.placeholder,
+            initialValue: currentConfig.adminTarget || "",
+            validate: (val: string) =>
+              val.trim().length === 0 ? "Required" : undefined,
+          });
+
+          if (prompts.isCancel(target)) {
+            prompts.cancel("Setup cancelled.");
+            return;
+          }
+
+          // Write config
+          console.log("");
+          try {
+            execFileSync("bash", [
+              "-c",
+              `openclaw config set "plugins.entries.${PLUGIN_ID}.config.channel" "${selectedChannel}" && ` +
+                `openclaw config set "plugins.entries.${PLUGIN_ID}.config.adminTarget" "${(target as string).trim()}"`,
+            ], { encoding: "utf-8", timeout: 15_000 });
+          } catch {
+            prompts.log.error("Failed to write config. Set manually:");
+            printManualConfig(selectedChannel, (target as string).trim());
+            return;
+          }
+
+          prompts.log.success(
+            `Channel: ${selectedChannel}\n  Admin: ${(target as string).trim()}`,
+          );
+
+          // Check allowlist baseline
+          if (existsSync(APPROVALS_FILE)) {
+            try {
+              const data = JSON.parse(readFileSync(APPROVALS_FILE, "utf-8"));
+              const sec = data?.agents?.main?.security;
+              prompts.log.info(
+                `Allowlist baseline: ${APPROVALS_FILE}\n  Security mode: ${sec || "not set"}`,
+              );
+            } catch {
+              // skip
+            }
+          }
+
+          prompts.log.info(
+            "Restart the gateway to apply changes:\n  openclaw gateway restart",
+          );
+
+          prompts.outro(
+            "Setup complete! Commands available: /grant <min>, /revoke, /grant-status",
+          );
+        });
+    },
+    { commands: ["exec-grant-setup"] },
+  );
+
+  // --- Slash commands ---
   api.registerCommand({
     name: "grant",
     description: "Activate time-boxed elevated shell access (admin only)",
@@ -28,7 +252,12 @@ export default function register(api: any) {
       if (!minutes || !/^\d+$/.test(minutes)) {
         return { text: "Usage: /grant <minutes>  (1-120)" };
       }
-      const result = runScript("grant.sh", [minutes]);
+      const replyChannel = ctx.channel || channel;
+      const replyTarget = ctx.sender || adminTarget;
+      const result = runScript("grant.sh", [minutes], {
+        EXEC_GRANT_CHANNEL: replyChannel || "",
+        EXEC_GRANT_TARGET: replyTarget || "",
+      });
       return { text: result };
     },
   });
@@ -38,8 +267,13 @@ export default function register(api: any) {
     description: "Revoke elevated shell access immediately (admin only)",
     acceptsArgs: false,
     requireAuth: true,
-    handler() {
-      const result = runScript("revoke.sh");
+    handler(ctx: any) {
+      const replyChannel = ctx.channel || channel;
+      const replyTarget = ctx.sender || adminTarget;
+      const result = runScript("revoke.sh", [], {
+        EXEC_GRANT_CHANNEL: replyChannel || "",
+        EXEC_GRANT_TARGET: replyTarget || "",
+      });
       return { text: result };
     },
   });
@@ -55,3 +289,47 @@ export default function register(api: any) {
     },
   });
 }
+
+function getTargetHint(channel: string): {
+  label: string;
+  placeholder: string;
+} {
+  switch (channel) {
+    case "whatsapp":
+    case "signal":
+      return { label: "E.164 phone number", placeholder: "+16505551234" };
+    case "telegram":
+      return { label: "chat ID or @username", placeholder: "@admin" };
+    case "slack":
+      return {
+        label: "channel or user ID",
+        placeholder: "#approvals or @admin",
+      };
+    case "discord":
+      return { label: "channel or user ID", placeholder: "#approvals" };
+    case "msteams":
+      return { label: "channel or user", placeholder: "user@company.com" };
+    case "matrix":
+      return { label: "room or user", placeholder: "@admin:matrix.org" };
+    default:
+      return { label: "recipient identifier", placeholder: "admin" };
+  }
+}
+
+function printManualConfig(channel?: string, target?: string): void {
+  console.log(`    "plugins": {`);
+  console.log(`      "entries": {`);
+  console.log(`        "${PLUGIN_ID}": {`);
+  console.log(`          "enabled": true,`);
+  console.log(`          "config": {`);
+  console.log(
+    `            "adminTarget": "${target || "<your-admin-contact>"}"`,
+  );
+  console.log(
+    `            "channel": "${channel || "<whatsapp|telegram|slack|...>"}"`,
+  );
+  console.log(`          }`);
+  console.log(`        }`);
+  console.log(`      }`);
+  console.log(`    }`);
+}

package/openclaw.plugin.json

@@ -1,22 +1,30 @@
 {
   "id": "openclaw-plugin-exec-grant",
   "name": "Exec Grant",
-  "description": "Time-boxed elevated shell access with WhatsApp admin approval",
+  "description": "Time-boxed elevated shell access with admin approval via any messaging channel",
   "version": "1.0.0",
   "configSchema": {
     "type": "object",
     "properties": {
-      "adminPhone": {
+      "adminTarget": {
         "type": "string",
-        "description": "E.164 phone number of the admin who approves grants"
+        "description": "Admin contact: E.164 phone for WhatsApp/Signal, chat ID for Telegram, channel/user for Slack/Discord"
+      },
+      "channel": {
+        "type": "string",
+        "description": "Messaging channel to use for approval requests (e.g. whatsapp, telegram, slack, discord, signal)"
       }
     },
     "additionalProperties": false
   },
   "uiHints": {
-    "adminPhone": {
-      "label": "Admin Phone (E.164)",
-      "placeholder": "+16505551234"
+    "adminTarget": {
+      "label": "Admin Target",
+      "placeholder": "+16505551234 or @admin or #approvals"
+    },
+    "channel": {
+      "label": "Channel",
+      "placeholder": "whatsapp"
     }
   },
   "skills": ["skills/exec-grant"]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-plugin-exec-grant",
-  "version": "1.0.2",
+  "version": "1.2.0",
   "description": "Time-boxed elevated shell access with WhatsApp admin approval for OpenClaw",
   "main": "index.ts",
   "license": "MIT",

package/skills/exec-grant/SKILL.md

@@ -66,7 +66,7 @@ Grants auto-revoke via an OS-level timer. When revoked, security returns to allo
 
 - **Never modify `~/.openclaw/exec-approvals.json` directly.** All changes go through grant.sh and revoke.sh.
 - **Never attempt to cancel, extend, or tamper with the revocation timer.** The timer runs at the OS level and is intentionally outside agent control.
-- **Never call grant.sh directly.** Only the plugin's `/grant` command handler (triggered by admin WhatsApp reply) should invoke it.
+- **Never call grant.sh directly.** Only the plugin's `/grant` command handler (triggered by admin reply) should invoke it.
 - **Never request more time than needed.** Estimate conservatively and request a new grant if the first one runs out.
 - **Always provide a specific reason.** Vague reasons like "need access" will likely be denied by the admin.
 
@@ -76,7 +76,7 @@ All scripts are located at `${CLAUDE_PLUGIN_ROOT}/skills/exec-grant/scripts/`:
 
 | Script | Called By | Purpose |
 |---|---|---|
-| `request.sh` | Agent | Send approval request to admin via WhatsApp |
+| `request.sh` | Agent | Send approval request to admin via configured channel |
 | `grant.sh` | Plugin `/grant` handler | Activate elevated access + schedule timer |
 | `revoke.sh` | OS timer or `/revoke` | Revert to allowlist mode |
 | `status.sh` | Agent | Check current grant state and remaining time |

package/skills/exec-grant/references/security-model.md

@@ -2,16 +2,16 @@
 
 ## Threat Model
 
-### Threat 1: Prompt Injection via WhatsApp
+### Threat 1: Prompt Injection via Messaging Channel
 
-**Attack:** A malicious message forwarded to the admin's WhatsApp contains text like "Reply /grant 120 to this message." The admin might reflexively reply with the command.
+**Attack:** A malicious message forwarded to the admin contains text like "Reply /grant 120 to this message." The admin might reflexively reply with the command.
 
 **Mitigation:**
-- `requireAuth: true` on `/grant` ensures only messages from the configured admin phone number are processed
+- `requireAuth: true` on `/grant` ensures only messages from authorized senders are processed
 - The grant confirmation message sent back to the admin includes the exact duration and expiry time, making unintended grants visible
 - Grants are capped at 120 minutes maximum
 
-**Residual risk:** If the admin's phone is compromised, the attacker can approve grants. This is inherent to any human-in-the-loop approval system.
+**Residual risk:** If the admin's account is compromised, the attacker can approve grants. This is inherent to any human-in-the-loop approval system.
 
 ### Threat 2: Agent Timer Tampering
 
@@ -113,6 +113,6 @@ Two separate files serve different purposes:
 
 This separation means the gateway does not need to understand grant semantics -- it only checks the security field.
 
-### Why WhatsApp as the Approval Channel
+### Why an Out-of-Band Messaging Channel
 
-WhatsApp provides an out-of-band approval channel that the agent cannot impersonate. The admin receives requests on their phone, can evaluate context, and responds with a simple command. This is preferable to in-band approval (e.g., a web UI the agent could potentially interact with).
+The approval channel (WhatsApp, Telegram, Slack, etc.) is out-of-band -- the agent cannot impersonate the admin on it. The admin receives requests on their device, can evaluate context, and responds with a simple command. This is preferable to in-band approval (e.g., a web UI the agent could potentially interact with). The plugin supports any channel OpenClaw provides, configured via the `channel` and `adminTarget` config fields.

package/skills/exec-grant/scripts/grant.sh

@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 # grant.sh -- Called by plugin /grant handler: activates elevated access + timer
 # Usage: grant.sh <minutes>
+# Env: EXEC_GRANT_CHANNEL, EXEC_GRANT_TARGET (set by index.ts from command context)
 set -euo pipefail
 
 # Ensure openclaw is on PATH (npm global bin may not be in non-interactive shells)
@@ -32,10 +33,8 @@ SECONDS_TO_ADD=$(( MINUTES * 60 ))
 EXPIRY=$(( NOW + SECONDS_TO_ADD ))
 
 if date -v+1S +%s >/dev/null 2>&1; then
-  # macOS (BSD date)
   EXPIRY_HUMAN=$(date -r "$EXPIRY" '+%Y-%m-%d %H:%M:%S %Z')
 else
-  # Linux (GNU date)
   EXPIRY_HUMAN=$(date -d "@${EXPIRY}" '+%Y-%m-%d %H:%M:%S %Z')
 fi
 
@@ -54,7 +53,6 @@ if [[ ! -f "$APPROVALS_FILE" ]]; then
 ENDJSON
 fi
 
-# Targeted jq edit: only change .agents.main.security
 TEMP_FILE=$(mktemp)
 jq '.agents.main.security = "full"' "$APPROVALS_FILE" > "$TEMP_FILE" && mv "$TEMP_FILE" "$APPROVALS_FILE"
 
@@ -63,7 +61,6 @@ REVOKE_SCRIPT="${SCRIPT_DIR}/revoke.sh"
 TIMER_ID=""
 
 if command -v systemctl >/dev/null 2>&1 && systemctl --user status >/dev/null 2>&1; then
-  # Linux: systemd-run (tamper-resistant -- agent cannot cancel)
   systemd-run --user \
     --on-active="${MINUTES}m" \
     --unit=exec-grant-revoke \
@@ -72,52 +69,13 @@ if command -v systemctl >/dev/null 2>&1 && systemctl --user status >/dev/null 2>
 fi
 
 if [[ -z "$TIMER_ID" ]] && [[ "$(uname)" == "Darwin" ]]; then
-  # macOS: launchd plist
-  PLIST_LABEL="com.openclaw.exec-grant-revoke"
-  PLIST_PATH="$HOME/Library/LaunchAgents/${PLIST_LABEL}.plist"
-  mkdir -p "$HOME/Library/LaunchAgents"
-
-  cat > "$PLIST_PATH" <<PLIST
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-    <key>Label</key>
-    <string>${PLIST_LABEL}</string>
-    <key>ProgramArguments</key>
-    <array>
-        <string>/bin/bash</string>
-        <string>${REVOKE_SCRIPT}</string>
-    </array>
-    <key>StartInterval</key>
-    <integer>0</integer>
-    <key>LaunchOnlyOnce</key>
-    <true/>
-    <key>RunAtLoad</key>
-    <false/>
-    <key>StandardOutPath</key>
-    <string>${HOME}/.openclaw/exec-grant-revoke.log</string>
-    <key>StandardErrorPath</key>
-    <string>${HOME}/.openclaw/exec-grant-revoke.log</string>
-</dict>
-</plist>
-PLIST
-
-  # Use a delayed start: unload any existing, then schedule via at-style workaround
-  launchctl unload "$PLIST_PATH" 2>/dev/null || true
-
-  # launchd doesn't have on-active like systemd; use sleep-based subprocess
   (sleep "$SECONDS_TO_ADD" && bash "$REVOKE_SCRIPT") &
   BG_PID=$!
   disown "$BG_PID" 2>/dev/null || true
   TIMER_ID="bg:${BG_PID}"
-
-  # Clean up the plist since we're using bg approach
-  rm -f "$PLIST_PATH"
 fi
 
 if [[ -z "$TIMER_ID" ]]; then
-  # Fallback: background sleep + revoke
   (sleep "$SECONDS_TO_ADD" && bash "$REVOKE_SCRIPT") &
   BG_PID=$!
   disown "$BG_PID" 2>/dev/null || true
@@ -139,12 +97,13 @@ ENDJSON
 # --- Audit log ---
 echo "[$(date -u '+%Y-%m-%dT%H:%M:%SZ')] GRANT: ${MINUTES}m, expires ${EXPIRY_HUMAN}, timer=${TIMER_ID}" >> "$AUDIT_LOG"
 
-# --- Notify admin ---
-ADMIN_PHONE=$(openclaw config get plugins.entries.openclaw-plugin-exec-grant.config.adminPhone 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
+# --- Notify admin (uses channel context from the /grant command) ---
+NOTIFY_CHANNEL="${EXEC_GRANT_CHANNEL:-}"
+NOTIFY_TARGET="${EXEC_GRANT_TARGET:-}"
 
-if [[ -n "$ADMIN_PHONE" ]]; then
+if [[ -n "$NOTIFY_TARGET" ]] && [[ -n "$NOTIFY_CHANNEL" ]]; then
   MSG="Grant active for *${MINUTES}m*. Expires at ${EXPIRY_HUMAN}. Reply \`/revoke\` to end early."
-  openclaw message send --target "$ADMIN_PHONE" --channel whatsapp --message "$MSG" 2>/dev/null || true
+  openclaw message send --target "$NOTIFY_TARGET" --channel "$NOTIFY_CHANNEL" --message "$MSG" 2>/dev/null || true
 fi
 
 echo "Grant activated: ${MINUTES}m of full shell access. Expires at ${EXPIRY_HUMAN}."

package/skills/exec-grant/scripts/request.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# request.sh -- Agent-facing: sends WhatsApp approval request to admin
+# request.sh -- Agent-facing: sends approval request to admin
 # Usage: request.sh <minutes> "<reason>"
 set -euo pipefail
 
@@ -10,6 +10,7 @@ done
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 STATE_FILE="$HOME/.openclaw/exec-grant-state.json"
+PLUGIN_ID="openclaw-plugin-exec-grant"
 
 # --- Arg validation ---
 if [[ $# -lt 2 ]]; then
@@ -43,7 +44,6 @@ if [[ -f "$STATE_FILE" ]]; then
       echo "Error: grant already active with ${REMAINING}m remaining. Use status.sh to check." >&2
       exit 1
     fi
-    # Expired but not cleaned up -- status.sh will self-heal
   fi
 
   if [[ "$STATUS" == "pending" ]]; then
@@ -51,22 +51,27 @@ if [[ -f "$STATE_FILE" ]]; then
     NOW=$(date +%s)
     ELAPSED=$(( NOW - REQUESTED_AT ))
     if [[ "$ELAPSED" -lt 300 ]]; then
-      echo "Error: approval request already pending (sent $(( ELAPSED ))s ago). Wait for admin response." >&2
+      echo "Error: approval request already pending (sent ${ELAPSED}s ago). Wait for admin response." >&2
       exit 1
     fi
-    # Stale pending request (>5m) -- allow re-request
   fi
 fi
 
-# --- Get admin phone ---
-ADMIN_PHONE=$(openclaw config get plugins.entries.openclaw-plugin-exec-grant.config.adminPhone 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
+# --- Read plugin config ---
+ADMIN_TARGET=$(openclaw config get "plugins.entries.${PLUGIN_ID}.config.adminTarget" 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
+CHANNEL=$(openclaw config get "plugins.entries.${PLUGIN_ID}.config.channel" 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
 
-if [[ -z "$ADMIN_PHONE" ]]; then
-  echo "Error: no admin phone configured. Set plugins.entries.openclaw-plugin-exec-grant.config.adminPhone" >&2
+if [[ -z "$ADMIN_TARGET" ]]; then
+  echo "Error: no admin target configured. Set plugins.entries.${PLUGIN_ID}.config.adminTarget" >&2
   exit 1
 fi
 
-# --- Send WhatsApp approval request ---
+if [[ -z "$CHANNEL" ]]; then
+  echo "Error: no channel configured. Set plugins.entries.${PLUGIN_ID}.config.channel" >&2
+  exit 1
+fi
+
+# --- Send approval request ---
 MSG="*Elevated Access Request*
 
 Agent requests *${MINUTES}m* of full shell access.
@@ -75,7 +80,7 @@ Agent requests *${MINUTES}m* of full shell access.
 
 Reply \`/grant ${MINUTES}\` to approve or ignore to deny."
 
-openclaw message send --target "$ADMIN_PHONE" --channel whatsapp --message "$MSG"
+openclaw message send --target "$ADMIN_TARGET" --channel "$CHANNEL" --message "$MSG"
 
 # --- Write pending state ---
 mkdir -p "$(dirname "$STATE_FILE")"
@@ -87,8 +92,9 @@ cat > "$STATE_FILE" <<ENDJSON
   "requested_minutes": ${MINUTES},
   "reason": $(jq -n --arg v "$REASON" '$v'),
   "requested_at": ${NOW},
-  "admin_phone": $(jq -n --arg v "$ADMIN_PHONE" '$v')
+  "admin_target": $(jq -n --arg v "$ADMIN_TARGET" '$v'),
+  "channel": $(jq -n --arg v "$CHANNEL" '$v')
 }
 ENDJSON
 
-echo "Approval request sent to admin. Waiting for /grant ${MINUTES} reply."
+echo "Approval request sent to admin via ${CHANNEL}. Waiting for /grant ${MINUTES} reply."

package/skills/exec-grant/scripts/revoke.sh

@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 # revoke.sh -- Called by timer or /revoke: reverts to allowlist mode
 # Usage: revoke.sh
+# Env: EXEC_GRANT_CHANNEL, EXEC_GRANT_TARGET (set by index.ts when called via /revoke)
 set -euo pipefail
 
 # Ensure openclaw is on PATH (npm global bin may not be in non-interactive shells)
@@ -8,6 +9,7 @@ for p in "$HOME/.npm-global/bin" "$HOME/.local/bin" "$HOME/node_modules/.bin"; d
   [[ -d "$p" ]] && export PATH="$p:$PATH"
 done
 
+PLUGIN_ID="openclaw-plugin-exec-grant"
 STATE_FILE="$HOME/.openclaw/exec-grant-state.json"
 APPROVALS_FILE="$HOME/.openclaw/exec-approvals.json"
 AUDIT_LOG="$HOME/.openclaw/exec-grant-audit.log"
@@ -29,8 +31,6 @@ if [[ -f "$STATE_FILE" ]]; then
     systemctl --user stop "${UNIT}.timer" 2>/dev/null || true
     systemctl --user stop "${UNIT}.service" 2>/dev/null || true
   fi
-  # bg: timers cannot be reliably cancelled cross-process, but the revoke
-  # itself is idempotent so a second invocation is harmless
 fi
 
 # --- Update state file ---
@@ -46,10 +46,18 @@ ENDJSON
 echo "[$(date -u '+%Y-%m-%dT%H:%M:%SZ')] REVOKE: security restored to allowlist" >> "$AUDIT_LOG"
 
 # --- Notify admin ---
-ADMIN_PHONE=$(openclaw config get plugins.entries.openclaw-plugin-exec-grant.config.adminPhone 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
+# When called from /revoke command, env vars are set by index.ts
+# When called from timer, fall back to plugin config
+NOTIFY_CHANNEL="${EXEC_GRANT_CHANNEL:-}"
+NOTIFY_TARGET="${EXEC_GRANT_TARGET:-}"
+
+if [[ -z "$NOTIFY_TARGET" ]] || [[ -z "$NOTIFY_CHANNEL" ]]; then
+  NOTIFY_TARGET=$(openclaw config get "plugins.entries.${PLUGIN_ID}.config.adminTarget" 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
+  NOTIFY_CHANNEL=$(openclaw config get "plugins.entries.${PLUGIN_ID}.config.channel" 2>/dev/null | tail -1 | tr -d '[:space:]' || true)
+fi
 
-if [[ -n "$ADMIN_PHONE" ]]; then
-  openclaw message send --target "$ADMIN_PHONE" --channel whatsapp --message "Grant revoked. Security restored to allowlist mode." 2>/dev/null || true
+if [[ -n "$NOTIFY_TARGET" ]] && [[ -n "$NOTIFY_CHANNEL" ]]; then
+  openclaw message send --target "$NOTIFY_TARGET" --channel "$NOTIFY_CHANNEL" --message "Grant revoked. Security restored to allowlist mode." 2>/dev/null || true
 fi
 
 echo "Grant revoked. Security restored to allowlist mode."