What are OpenClaw skills, and how do they work?
Skills are instruction packs that teach your agent repeatable workflows. How they load, where they come from, and how to add them without importing risk.
A skill is an instruction pack — a SKILL.md file — that loads into your agent’s prompt and teaches it a repeatable workflow: a command sequence, a review rubric, an operating constraint. Skills don’t give the agent new tools; they teach it how to use the tools it already has for a specific job. They can live in your agent’s workspace, come bundled, or be installed from the ClawHub registry.
The idea: teachable workflows, as files
OpenClaw’s docs define the boundary well: use a skill when the agent already has the capabilities it needs but requires a repeatable way of working. “How we file expenses,” “how to summarize my morning inbox,” “the checklist before posting anything” — each is a skill-shaped thing: not a new ability, but a codified habit. Because a skill is ultimately a markdown file of instructions, the same properties that make OpenClaw’s memory pleasant apply here — you can read exactly what a skill tells your agent to do, edit it, and version it like any other file.
Where skills come from
- You write them. A workspace skill is just a file — describe the workflow you want, and your agent can even help draft it (the docs ship a “skill workshop” flow for exactly this, and a self-learning path where the agent proposes skills from patterns in its own work).
- They ship with things. Plugins and the managed skill root can carry skills with them.
- You install them from ClawHub — the public registry (
openclaw skills search,openclaw skills install <name>). ClawHub deserves its own explainer, including the security half of the story.
The security frame: a skill is influence
Here’s the mental model that keeps skill usage sane: a skill is text that instructs your agent. Installing one is letting someone else write standing orders for software that can run commands, read files, and act on your behalf. Three practices follow, all cheap:
- Read what you install. Skills are human-readable by design — a two-minute skim of the
SKILL.mdis the appropriate level of paranoia for anything from a public registry. - Pin versions. Install specific versions (
skill@version) rather than tracking moving targets — the security audit specifically flags unpinned installs, because a skill that was safe yesterday can be updated by someone else tomorrow. - Fewer, better. Install the skills you actually use, not a library of maybes — every installed skill is standing instructions in your agent’s head and surface area in its supply chain.
On managed pods we apply the same discipline on your behalf — pinned versions, allowlisted plugins — but the judgment about which skills your agent should have is genuinely yours: skills are where an OpenClaw agent stops being generic software and starts being your particular colleague.