In This Article
Introduction
An AI that can only generate text is powerful but limited. It can explain how to check your server's disk usage — but it can't actually check it. It can describe how a form should be filled out — but it can't fill it out. The gap between "describing how to do something" and "actually doing it" is where most AI tools stop. OpenClaw's Skills system is what bridges that gap.
Skills are the hands, eyes, and feet of your OpenClaw agent. They are modular packages that give the agent real-world capabilities: running shell commands, controlling a web browser, reading and writing files, calling external APIs, managing calendars, sending emails, querying databases, and hundreds of other actions. Without Skills, OpenClaw is a sophisticated chatbot. With Skills, it becomes an autonomous agent capable of operating independently in the digital world.
What Is a Skill?
Technically, a Skill is a JavaScript module that registers one or more tool definitions with OpenClaw's agent runtime. A tool definition is a structured object that tells the LLM exactly what the tool does, what parameters it expects, and what it returns. This is what allows the AI model to decide when and how to invoke a Skill — it reads the tool description and uses its reasoning capability to determine whether calling that tool is the right action for the current situation.
When the agent decides to use a Skill, it generates a structured "tool call" in its response — essentially a JSON object specifying which tool to invoke and with what arguments. The agent runtime intercepts this, executes the corresponding Skill handler function with those arguments, and feeds the result back to the model. The model then incorporates the result into its reasoning and produces the next output.
This architecture means that Skills are transparent. Every tool call appears in the agent's reasoning trace, which you can inspect in the logs. You can see exactly what commands the agent ran, what websites it visited, and what files it read or modified. There's no hidden magic — just a documented chain of tool invocations that you can audit at any time.
Built-in Skills
OpenClaw ships with a core set of Skills that cover fundamental capabilities every agent needs:
- Shell Execution: Runs shell commands on the host machine (or container) and returns stdout/stderr. The most powerful and most dangerous built-in Skill — configure allow-lists carefully.
- File System: Reads, writes, appends, lists, and searches files on the local filesystem within configured paths.
- HTTP Request: Makes arbitrary HTTP/HTTPS requests to external services, enabling basic API integrations without a dedicated Skill.
- Web Search: Queries a configured search engine and returns summarized results, allowing the agent to research topics in real time.
- Memory Management: Reads and writes to the agent's Markdown memory files, allowing it to store and retrieve information across sessions.
- Datetime: Gets the current date, time, timezone, and calendar calculations. Necessary for the heartbeat engine's time-conditional tasks.
These six built-in Skills are sufficient for a surprisingly wide range of use cases. Many community workflows use only these — building complex automations by combining shell scripts, file operations, and HTTP calls without any additional Skills.
ClawHub: The Skills Marketplace
ClawHub is OpenClaw's community-driven marketplace for published Skills. It's analogous to npm for Node.js packages or the Chrome Web Store for browser extensions — a centralized directory where developers publish Skills they've built and users discover and install new capabilities for their agents.
As of early 2026, ClawHub hosts thousands of Skills across major categories:
- Productivity: Google Calendar, Notion, Todoist, Linear, Jira integrations
- Communication: Email (Gmail, Outlook), SMS (Twilio), Slack posting, Discord webhooks
- Browser Automation: Puppeteer and Playwright-based Skills for web scraping, form filling, and screenshot capture
- Development: GitHub operations, code testing, deployment triggers, log analysis
- Finance: Stock/crypto price feeds, portfolio tracking, invoice generation
- Smart Home: Home Assistant, Philips Hue, MQTT device control
- Health: WHOOP, Oura Ring, Apple Health integrations
The breadth of community contributions is one of OpenClaw's greatest strengths. Almost any service with a documented API has been wrapped in a Skill by someone in the community. If you need to integrate OpenClaw with something specific to your workflow, there's a high probability that a Skill already exists.
Installing Community Skills
Installing a Skill from ClawHub is straightforward. From the command line in your OpenClaw directory:
# Install a Skill by name
openclaw skill install calendar-google
# Or install directly from a GitHub URL
openclaw skill install https://github.com/username/skill-name
# List installed Skills
openclaw skill list
# Remove a Skill
openclaw skill remove calendar-googleOnce installed, Skills are automatically available to the agent on next restart. You may need to configure them — providing API credentials, setting preferences — through the Skill's configuration interface, which typically appears in your config.yaml under a skills section.
Skills installed this way live in the ./skills directory within your OpenClaw installation. You can inspect the source code of any installed Skill by looking at its files there. This is important for security — see the section below.
Skill Security Risks
Skills are the most significant attack surface in any OpenClaw getting it running. This is not hyperbole. A malicious or compromised Skill runs with the same permissions as the OpenClaw process itself — which means access to everything the agent can access: files, shell, API keys, network connections.
Security researchers analyzed ClawHub in early 2026 and found that approximately 12% of published Skills contained malicious code. The types of malicious behavior found ranged from silent telemetry reporting (sending usage data to a third-party server) to active credential harvesting (reading and exfiltrating API keys from the OpenClaw config file) to cryptocurrency-stealing behavior (replacing wallet addresses in documents with the attacker's address).
These Skills had names and descriptions that made them appear entirely legitimate. Spotting them without reading the code is difficult or impossible.
Practical guidance:
- Read the source code of any Skill before installing it. Skills are short — a few hundred lines of JavaScript at most. This takes 5–10 minutes per Skill and is time well spent.
- Check the publisher's GitHub profile and reputation. Skills from well-known community contributors or from organizations you recognize carry lower risk.
- Prefer Skills with many installs and recent reviews. Malicious Skills tend to get flagged and removed after discovery.
- Never install a Skill through a direct URL from an unverified source. Stick to ClawHub-listed Skills with established reputations.
- Run OpenClaw in Docker with network restrictions. This limits what a malicious Skill can exfiltrate even if it does contain bad code.
Building Your Own Skill
Building a custom Skill is surprisingly accessible. The Skills API is well documented, and the basic structure is a simple JavaScript module with a standard format. Here's the minimal structure of a Skill:
// skill.js
module.exports = {
name: "weather",
description: "Get current weather for a location",
tools: [
{
name: "get_weather",
description: "Fetch current weather conditions for a city",
parameters: {
type: "object",
properties: {
city: { type: "string", description: "City name" }
},
required: ["city"]
},
handler: async ({ city }) => {
const response = await fetch(
`https://api.openweathermap.org/data/2.5/weather?q=${city}&appid=${process.env.OWM_API_KEY}`
);
const data = await response.json();
return `Weather in ${city}: ${data.weather[0].description}, ${data.main.temp}°C`;
}
}
]
};The tool description field is critically important — it's what the LLM reads to decide when to call your Skill. Write it precisely and helpfully. Include what the tool does, when it's appropriate to use it, and what it returns. Vague descriptions lead to missed invocations or inappropriate ones.
If you build something useful, consider sharing it on ClawHub. The community benefits from your work, and you'll receive feedback that helps improve the Skill further.
Wrapping Up
Skills are the capability layer that makes OpenClaw genuinely useful in the real world. The built-in Skills cover fundamentals. ClawHub extends the agent to hundreds of services and platforms. Custom Skills let you tailor the agent precisely to your specific workflows. Together, they create an agent that can take meaningful action in your digital environment — not just generate text about it. Treat Skill selection with the care it deserves, audit what you install, and build your agent's capabilities deliberately.