Three extension mechanisms, one agent. Skills, plugins, and MCP servers all extend OpenClaw — but they work differently, carry different risks, and suit different use cases. This practical guide cuts through the confusion with a decision table, real examples, and clear recommendations.
Use skills when you want to add behavioral instructions and orchestration to OpenClaw (most common). Use MCP servers when you need a universal tool interface that works across multiple AI agents. Use plugins when you need low-level runtime extensions with custom code execution. Most users should start with skills. Now let's unpack each approach.
What they are: Plain-text SKILL.md files containing system prompts, tool declarations, permissions, and configuration. How they work: Skills tell the agent *what to do* and *what tools to use*. They don't execute code themselves — they configure the agent's behavior. See What Are OpenClaw Skills? for the full deep-dive. Best for: - Adding domain expertise (code review, research, writing) - Orchestrating multi-step workflows - Sharing reusable agent configurations - Beginners and non-developers Risks: Skills inject system prompts into the model's context. A malicious skill can manipulate the agent's behavior by overriding instructions. Permissions are advisory, not enforced. Ecosystem size: 5,700+ on ClawHub Example: The RAG Pipeline skill defines a complete document Q&A workflow — document ingestion, embedding, search, and response generation — all in a single SKILL.md.
What they are: External processes that expose tool interfaces via the Model Context Protocol (MCP), an open standard by Anthropic. How they work: MCP servers run as separate processes and communicate with the agent via JSON-RPC over stdio or HTTP. The agent discovers available tools, sends requests, and receives structured responses. See our MCP deep-dive. Best for: - Tools that need to work across multiple AI agents (OpenClaw, Claude, GPT, Nanobot) - Heavy computation that should run in a separate process - Tools that need their own runtime (Python scripts, database connectors) - Teams building shared tooling for multiple agent platforms Risks: MCP servers run as separate processes, providing natural isolation. However, a malicious server can still exfiltrate data through its network access. The MCP spec doesn't include permission enforcement. Ecosystem size: ~3,000+ across all MCP-supporting platforms (shared ecosystem) Example: A PostgreSQL MCP server lets any MCP-compatible agent (OpenClaw, Claude Desktop, Nanobot) query your database without skill-specific configuration.
What they are: Code packages (usually JavaScript/TypeScript) that hook into OpenClaw's runtime via an API. How they work: Plugins register event handlers, middleware, and custom tool implementations that execute in the same process as the agent. They have full access to the runtime API. Best for: - Custom memory backends - Output post-processing - Authentication middleware - Advanced runtime modifications Risks: Plugins run executable code in the agent's process. They have the highest risk profile of all three approaches. A malicious plugin has full system access. Ecosystem size: ~200 (legacy, declining) Example: A custom memory plugin that stores conversation history in Redis instead of flat files. Note: The OpenClaw team has deprecated the plugin API in favor of skills + MCP. Existing plugins continue to work, but new development should use skills or MCP servers.
When to use SKILLS: - You want to add expertise to your agent → ✅ Skill - You're configuring workflows → ✅ Skill - You want to share agent behavior → ✅ Skill - You're a beginner → ✅ Skill When to use MCP: - You need cross-agent compatibility → ✅ MCP - You're connecting to databases/APIs → ✅ MCP - You need process isolation → ✅ MCP - You're building tools in Python → ✅ MCP When to use PLUGINS: - You need to modify OpenClaw internals → ✅ Plugin (consider contributing upstream instead) - You need custom memory/auth → ✅ Plugin - Everything else → ❌ Use Skills or MCP instead The hybrid approach (recommended): Use skills for agent behavior and orchestration. Use MCP servers for external integrations (databases, APIs, file systems). Skip plugins unless you're modifying the runtime itself.
Can I use skills and MCP servers together? Yes, and this is the recommended approach. Skills define *what* the agent does. MCP servers provide the *tools* it uses. A skill can reference MCP tools in its tool declarations. Are plugins being removed from OpenClaw? The plugin API is deprecated but not removed. Existing plugins continue to work. New development should use skills or MCP servers. Which is safest? MCP servers (process isolation) > Skills (configuration, not code) > Plugins (executable code). But all three require vetting before installation. See our security audit guide. Which is fastest to develop? Skills (minutes to create a SKILL.md) > MCP servers (hours to implement a server) > Plugins (days to learn the API). Can MCP servers replace skills entirely? Not yet. MCP provides tools but not behavioral orchestration. You still need skills to tell the agent *how* to use those tools effectively. Think: MCP = hands, Skills = brain. What about Clawdbot compatibility? Clawdbot (the former name for OpenClaw) uses the same SKILL.md format. All skills are backward-compatible. See What Are OpenClaw Skills? for ecosystem history.