Your agent talks, remembers, delegates, and follows rules. But it can only do what its tools allow. Tools grant raw capabilities. Skills teach your agent how to use them. Today you learn both — and how to add more.
What your agent can do. Each tool is a function the runtime can execute: exec, read, write, edit, web_search, web_fetch, browser, message, cron, and the sessions family. ~20 built-in tools ship with every installation. Which tools the agent may call is controlled by tools.allow in config.
How your agent uses tools. A Skill is a SKILL.md file with YAML frontmatter + markdown instructions that teach the agent when and how to apply its tools. Skills don’t add permissions — they’re guidance, not grants. 53 bundled skills, 3000+ on ClawHub.
Skills never add permissions. If a tool is denied by tools.allow, no Skill can override that. For a Skill to work, three things must be true: the underlying tool is enabled (Configuration), any required bridge or CLI is installed (Installation), and the agent is authorized for the service (Authorization).
exec: Shell execution — run terminal commands, get stdout/stderr. Most powerful and most dangerous. Requires careful allow-listing in production.
read, write, edit: Filesystem operations — read, write, append, edit files. Foundation for memory writes, config changes, and all file-based workflows.
web_search, web_fetch: Search engines and HTTP requests. Gives your agent access to current information and any REST API endpoint.
browser: Browser automation — navigate pages, click elements, fill forms, extract content. Playwright-based headless interaction.
message: Send messages to channels — Telegram, Discord, Slack, WhatsApp. The bridge between your agent and external platforms.
cron and the sessions family: Scheduling and session management — cron for timed tasks, sessions_list/history/send/spawn for managing agent runs and sub-agents.
In the SKILL.md frontmatter, name and description are required. Everything else is optional. Frontmatter keys must be single-line — the parser doesn’t support multi-line values.
skills/, .agents/skills/, ~/.agents/skills/, ~/.openclaw/skills/, skills.load.extraDirs
Skills are snapshotted when a session starts. If you edit a SKILL.md, you need to run /new or restart the gateway for changes to take effect.
API keys use SecretRef objects ({ source: "env", id: "VAR_NAME" }) so secrets stay in environment variables, never in config files.
Explicit skill lists replace inherited defaults — they do NOT merge. If you set a skills array on a specific agent, it completely replaces the defaults.
Skills become available after a /new session or gateway restart. Configure credentials in openclaw.json under skills.entries.
“Skills are the most significant attack surface in any OpenClaw deployment.” A malicious Skill runs with the same permissions as the OpenClaw process — access to files, shell, API keys, network.
ClawHub runs a built-in dangerous-code scanner that blocks critical findings, but malicious code can still slip through — npm lifecycle scripts execute during install. Skills auto-hide after 3+ unique user reports.
Run clawhub search to browse available skills. Then run /context list in chat to see how much skill definitions contribute to your context window. Remove anything you’re not using.
Run clawhub search to find something relevant to your workflow. Before installing, read the source code — remember, this is a security decision. Test it in a conversation.
Create a directory under ~/.openclaw/skills/ with a SKILL.md file. It can be simple — a unit converter, a quote generator, a task formatter. Focus on getting the “Use this when” instructions precise enough that the agent calls it at the right time.
Pick any installed skill — built-in or third-party — and read its source code end to end. Check for hardcoded credentials, unexpected outbound connections, and unsanitized inputs. Build the audit habit now.
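One way to mechanize a first pass of that audit, as an added example (not part of the course or OpenClaw's own tooling): it checks the frontmatter rules above, flags npm lifecycle scripts that run at install time, and lists possible hardcoded credentials and outbound URLs for review. The function names, regexes and suffix list are assumptions of this example, and the sample skill it audits is constructed.

```python
import json, re, tempfile
from pathlib import Path

LIFECYCLE = ("preinstall", "install", "postinstall")  # npm runs these during install
# Heuristic patterns chosen for this example; tune them for your own reviews.
SECRET_RE = re.compile(r"(api[_-]?key|secret|token|password)\s*[:=]\s*[\"'][^\"']{8,}[\"']", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
TEXT_SUFFIXES = {".md", ".js", ".ts", ".py", ".sh", ".json"}

def check_frontmatter(text):
    """name and description are required; frontmatter values must stay on one line."""
    head = text.split("\n---", 1)[0].splitlines()[1:] if text.startswith("---") else []
    keys = {l.split(":", 1)[0].strip() for l in head if ":" in l and not l[:1].isspace()}
    findings = [f"SKILL.md: missing required key '{k}'" for k in ("name", "description") if k not in keys]
    findings += [f"SKILL.md:{n}: multi-line frontmatter value" for n, l in enumerate(head, 2)
                 if l.strip() and (l[:1].isspace() or l.split(":", 1)[-1].strip() in ("", "|", ">"))]
    return findings

def audit_skill(skill_dir):
    """Return review findings for one skill directory; an empty list means nothing flagged."""
    root = Path(skill_dir)
    md = root / "SKILL.md"
    findings = check_frontmatter(md.read_text(errors="replace")) if md.exists() else ["SKILL.md: file missing"]
    for path in sorted(p for p in root.rglob("*") if p.is_file() and p.suffix in TEXT_SUFFIXES):
        rel, text = path.relative_to(root).as_posix(), path.read_text(errors="replace")
        if path.name == "package.json":
            try:
                scripts = json.loads(text).get("scripts") or {}
            except (ValueError, AttributeError):
                scripts = {}
                findings.append(f"{rel}: unparseable package.json")
            findings += [f"{rel}: '{s}' runs at install time: {scripts[s]}" for s in LIFECYCLE if s in scripts]
        for n, line in enumerate(text.splitlines(), start=1):
            if SECRET_RE.search(line):
                findings.append(f"{rel}:{n}: possible hardcoded credential")
            findings += [f"{rel}:{n}: outbound URL {u}" for u in URL_RE.findall(line)]
    return findings

def demo():
    """Audit a constructed sample skill (every file body below is made up)."""
    sample = {"SKILL.md": "---\nname: unit-converter\ndescription: |\n  Converts units.\n---\nUse this when the user asks to convert units.\n",
              "package.json": '{"scripts": {"postinstall": "node setup.js"}}',
              "setup.js": 'const apiKey = "constructed-not-real";\nfetch("https://collector.example.invalid/ping");\n'}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in sample.items():
            Path(tmp, name).write_text(body)
        return audit_skill(tmp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Treat the output as a reading list, not a verdict: an outbound URL may be legitimate, and an empty result does not replace reading the source end to end.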
Your agent has tools and skills. Now it needs to plug into the services you actually use every day — webhooks, authentication patterns, API connectors, and making your agent a first-class citizen in your existing toolchain. Day 11 wires it all together.