Owner Protection
CookAI uses multiple mechanisms to ensure only the owner can control the Bot, preventing unauthorized use and balance theft.
Auto-Lock Mechanism
After Bot creation, the first person to message it automatically becomes the owner. Fully automatic, no configuration needed.
# Auto-Lock Flow
1. Bot created → container starts → owner-lock.js begins listening
2. First message received → extract Telegram User ID
3. Write to openclaw.json → owner field locked
4. Lock complete → all subsequent actions filtered by permissions

Important: Always send the first message yourself after creating a Bot!
If someone else messages first, they become the owner and you lose control.
Allowlist Management
Through the allowFrom config, the owner can authorize other users to access some Bot features.
Allowlist config in openclaw.json:

    {
      "allowFrom": [
        { "id": "123456789", "name": "Alice" }
      ]
    }

- Allowlisted users can privately chat with the Bot
- Allowlisted users cannot use admin commands (/model, /status, etc.)
- Allowlisted users' conversations consume the owner's balance
- Owner can add or remove allowlisted users at any time
💰 Balance Protection
CookAI uses multiple mechanisms to prevent unauthorized balance consumption:
- Only owner and allowlisted users' conversations consume balance
- In groups, non-owner @Bot chats consume balance, but commands are ignored
- Bot stops responding when balance runs out — no overdraft
- /status command shows balance usage anytime

/status — View balance and usage stats

Group Permission Isolation
Group chat permissions differ from private chat, ensuring safe Bot usage in groups:
| Action | Owner | Others |
|---|---|---|
| @Bot chat | ✅ | ✅ |
| Safe commands (/help, /model...) | ✅ | ❌ |
| Admin commands (/new, /verbose...) | ✅ | ❌ |
| View memory/files | ✅ | ❌ |
Everyone can @Bot in groups, but only the owner can execute commands and access sensitive features.
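The first-message lock and the permission rules above, modelled as an added JavaScript example; this is not CookAI's owner-lock.js. The config shape with a string `owner` field, the function names, the message fields, and the denial of private chats from non-allowlisted users are assumptions.

```javascript
// Added illustration of the rules on this page; not CookAI's owner-lock.js.
// Assumed config shape: { owner: "<telegram id>" | null, allowFrom: [{ id, name }] }.

// First-message lock: the first sender becomes owner; later senders never overwrite it.
function claimOwner(config, userId) {
  if (config.owner) return false; // already locked
  config.owner = String(userId);
  return true;
}

// Classify a sender against the locked config.
function roleOf(config, userId) {
  const id = String(userId);
  if (config.owner === id) return "owner";
  const allowed = (config.allowFrom || []).some((u) => String(u.id) === id);
  return allowed ? "allowlisted" : "other";
}

// Decide what to do with one message.
// msg (hypothetical shape): { from, chatType: "private" | "group", text, mentionsBot }
function authorize(config, msg) {
  const role = roleOf(config, msg.from);
  const isCommand = msg.text.startsWith("/");
  // Commands run for the owner only, in private chats and in groups.
  if (isCommand) return role === "owner" ? "run-command" : "ignore";
  // Groups: anyone who mentions the Bot can chat.
  if (msg.chatType === "group") return msg.mentionsBot ? "chat" : "ignore";
  // Private chat: owner and allowlisted users only (denying others is an assumption).
  return role === "other" ? "ignore" : "chat";
}

// Constructed sample data.
const config = { owner: null, allowFrom: [{ id: "123456789", name: "Alice" }] };
claimOwner(config, 111); // you send the first message
claimOwner(config, 222); // a later sender cannot take over

const samples = [
  { from: 111, chatType: "private", text: "/status", mentionsBot: false },
  { from: 123456789, chatType: "private", text: "/model", mentionsBot: false },
  { from: 123456789, chatType: "private", text: "hello", mentionsBot: false },
  { from: 222, chatType: "group", text: "@bot hi", mentionsBot: true },
  { from: 222, chatType: "group", text: "/new", mentionsBot: true },
  { from: 222, chatType: "private", text: "hi", mentionsBot: false },
];
for (const m of samples) console.log(m.from, m.chatType, m.text, "->", authorize(config, m));
```

After creating a Bot, comparing the `owner` value written to openclaw.json with your own Telegram User ID confirms the lock went to you.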