OpenClaw skills are the building blocks of every AI agent workflow. Each skill is a SKILL.md file — a plain-text manifest that gives your agent new abilities, from coding and research to email automation and browser control. This pillar guide covers what skills are, how they work under the hood, where they live (ClawHub), and how to install them without exposing your system to risk.
An OpenClaw skill is a portable SKILL.md file that extends an OpenClaw AI agent with a specific capability — like code review, web research, or email management. Skills define tools, instructions, permissions, and configuration in a single markdown file that the agent loads at runtime. That's the answer search engines and AI models need. Now let's go deeper.
Every OpenClaw skill lives in a single file: SKILL.md. This file is both human-readable and machine-parseable. It contains:

- Frontmatter (YAML): Name, version, author, description, category, tags, and, critically, the permissions the skill requests. Permissions include `fileAccess` (read/write paths), `networkAccess` (allowed domains), `systemCommands` (shell access), and `apiKeys` (required credentials).
- System Prompt (Markdown): The behavioral instructions the agent follows when the skill is active. This is where the skill's expertise lives: detailed instructions on how to handle tasks, what to prioritize, and how to format output.
- Tool Declarations (Code Blocks): Typed function definitions the model can invoke. Each tool has a name, description, input schema (JSON Schema), and output schema.
- Configuration: User-adjustable settings like default output formats, verbosity levels, and API endpoints.

The key insight: a skill is not code; it's configuration. The SKILL.md tells the agent *what to do* and *what tools it can use*, but the actual execution happens in the OpenClaw runtime. This is fundamentally different from traditional plugins, which are executable code. For a detailed comparison, see our Skills vs Plugins vs MCP guide.
ClawHub is the official OpenClaw skills registry; think of it as npm for AI agent skills. When you run `npx clawhub@latest install deep-research`, the CLI fetches the SKILL.md from the ClawHub registry and saves it to your local skills directory. ClawHub hosts 5,700+ skills across 10 categories. Each listing includes:

- The full SKILL.md source (inspectable before install)
- Version history and changelog
- Community ratings and reviews
- Download count and maintenance status
- Security scan results (automated static analysis)

Important distinction: ClawHub is the *registry* (where skills are stored). ClawSkills (this site) is the *curated directory*: we add independent security reviews, editorial analysis, comparison tools, and curated skill stacks that ClawHub doesn't provide. For details on how ClawHub works internally, see our What Is ClawHub? guide.
When you activate a skill, OpenClaw loads its SKILL.md and integrates its instructions into the agent's context. Here's the execution flow:

1. Skill Loading: OpenClaw reads the SKILL.md, parses frontmatter, and registers the skill's tools with the model.
2. Prompt Injection: The skill's system prompt is appended to the agent's base instructions. This gives the model specialized knowledge for the skill's domain.
3. Tool Registration: The skill's tool declarations are added to the model's function-calling schema. The model can now invoke these tools during reasoning.
4. Permission Check: OpenClaw displays the skill's requested permissions to the user. In the current architecture, permissions are advisory: the runtime doesn't enforce them. This is a known limitation. For enforced permissions, see NanoClaw.
5. Execution: When the model decides to use a skill's tool, OpenClaw executes the tool handler, captures the output, and feeds it back to the model for the next reasoning step.

Security implication: Because skills run in the same process as the agent, a malicious skill has access to everything the agent can access. This is why auditing SKILL.md files before installation is critical.
The OpenClaw ecosystem organizes skills into 10 primary categories:

1. AI & LLMs: Prompt chaining, model routing, RAG, embeddings (287+ skills)
2. Search & Research: Web search, academic papers, knowledge graphs (142+ skills)
3. Web & Frontend: React, CSS, deployment, testing (198+ skills)
4. DevOps & Cloud: CI/CD, containers, infrastructure (276+ skills)
5. Browser & Automation: Web scraping, form filling, testing (167+ skills)
6. Productivity: Email, calendar, tasks, notes (312+ skills)
7. Marketing & Sales: SEO, email campaigns, CRM (245+ skills)
8. Coding Agents: Code review, testing, debugging (389+ skills)
9. Notes & PKM: Notion, Obsidian, knowledge management (156+ skills)
10. Health & Fitness: Tracking, nutrition, workouts (89+ skills)

Browse all categories in our skills directory. For curated recommendations by use case, see How to Choose Skills.
If you're installing OpenClaw skills for the first time, follow this checklist:

1. Start with verified skills only. Our directory shows verification status. Verified skills have passed security review.
2. Install one skill at a time. Test each skill in isolation before combining. Skills can conflict.
3. Read the SKILL.md before installing. Check permissions, especially `systemCommands` and `networkAccess`. If a note-taking skill requests shell access, that's a red flag.
4. Use a sandbox. Run OpenClaw in Docker for production use. See our security guide for Docker configs.
5. Keep skills updated. Run `npx clawhub@latest update` regularly. Outdated skills may have known vulnerabilities.
6. Limit active skills to 5-10. More skills means more attack surface and slower model reasoning.
7. Monitor network traffic. Skills shouldn't make outbound calls to unexpected domains.
8. Never share your `.openclaw` directory. It contains configuration, memory, and potentially cached API keys.

For the full security deep-dive, read our SKILL.md audit guide.
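
The permission check from step 3 of the checklist, as an added example (not OpenClaw or ClawHub code): a short Python script that reads the frontmatter of a SKILL.md and lists the requests worth a closer look before install. The layout of the `permissions` block, the sample skill, and the `SENSITIVE` pattern are assumptions; the page names the four permission keys but not their exact YAML shape.

```python
import re

# Assumed review pattern; `.openclaw` comes from the checklist, the rest are common secret stores.
SENSITIVE = re.compile(r"^[/~]$|\.openclaw|\.ssh|\.aws|\.env")
# Constructed sample; the nesting under `permissions:` is an assumed layout.
SAMPLE_SKILL = """\
---
name: quick-notes
category: Notes & PKM
permissions:
  fileAccess:
    - ~/notes
    - ~/.openclaw
  networkAccess:
    - "*"
  systemCommands:
    - bash
---
"""

def parse_permissions(skill_md):  # -> (top-level fields, permissions dict)
    m = re.match(r"^---\s*\n(.*?)\n---\s*(?:\n|$)", skill_md, re.S)
    if not m:
        raise ValueError("no YAML frontmatter found; cannot audit")
    meta, perms, in_perms, key = {}, {}, False, None
    for line in filter(str.strip, m.group(1).splitlines()):
        if not line.startswith(" "):  # top-level key
            name, _, value = (p.strip() for p in line.partition(":"))
            in_perms = name == "permissions"
            meta[name] = value
        elif in_perms:
            item = re.match(r"\s+-\s*(.+)$", line)
            if item and key:  # list entry under the current permission
                perms[key].append(item.group(1).strip().strip("\"'"))
            elif not item:  # new permission key, possibly with an inline value
                key, _, inline = (p.strip() for p in line.partition(":"))
                perms[key] = [] if inline in ("", "[]", "false") else [inline]
    return meta, perms

def audit_skill(skill_md):  # -> list of requests that need manual review
    meta, perms = parse_permissions(skill_md)
    findings = [] if perms else ["no permissions declared: nothing to review"]
    if perms.get("systemCommands"):
        findings.append(f"shell access requested by a '{meta.get('category', '?')}' skill")
    findings += [f"wildcard network access: {d}" for d in perms.get("networkAccess", []) if "*" in d]
    findings += [f"sensitive file path: {p}" for p in perms.get("fileAccess", []) if SENSITIVE.search(p)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_skill(SAMPLE_SKILL)))
```

Because declared permissions are advisory, an empty result only means the manifest asks for nothing unusual; it says nothing about what the skill's tools do at runtime.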
If you've been following the OpenClaw ecosystem, you may have encountered Clawdbot (the original name for OpenClaw's agent runtime) and Moltbot (now rebranded as Moltworker). Here's how they relate:

Clawdbot was the original autonomous agent that eventually became OpenClaw. Skills built for Clawdbot are fully compatible with modern OpenClaw; the SKILL.md format hasn't changed. If you find a Clawdbot tutorial or skill, it works with current OpenClaw.

Moltbot / Moltworker is a separate serverless agent that runs on Cloudflare Workers. It has its own tool format that's incompatible with SKILL.md. However, both OpenClaw and Moltworker support MCP (Model Context Protocol), so MCP-compatible tools work with both. See our OpenClaw vs Moltworker comparison for details.

The key takeaway: OpenClaw skills (SKILL.md) are the most widely used format in the ecosystem, with 5,700+ available. MCP servers are the emerging universal standard. Plugins are a legacy concept from older agent frameworks.
What is the difference between an OpenClaw skill and a plugin?
Skills are SKILL.md manifest files that configure agent behavior. Plugins are executable code packages. Skills are safer because they're configuration, not code, but they can still reference tools that execute code. See our Skills vs Plugins vs MCP comparison.

Are OpenClaw skills safe to install?
Verified skills from the ClawSkills directory have passed security review. Community skills have basic automated scanning. Always audit unverified skills before installation; see our SKILL.md audit guide.

How many OpenClaw skills can I run at once?
Technically unlimited, but we recommend 5-10 active skills. More skills mean slower reasoning, higher token costs, and larger attack surface.

Can I create my own OpenClaw skills?
Yes. See our How to Write a SKILL.md guide for templates, examples, and common mistakes.

Do OpenClaw skills work offline?
The SKILL.md loads locally, but most skills require internet access for API calls (LLM providers, web search, etc.). Skills using only local tools (file editing, code analysis) work offline.

What happens if a skill is malicious?
A malicious skill can access files, make network requests, and execute commands within the agent's process. This is why Docker isolation and SKILL.md auditing are essential. See our security guide.