SKILL.md is the declarative manifest file that defines an OpenClaw skill's name, description, permissions, tools, and behavioral instructions.
SKILL.md is the standardized manifest format used by OpenClaw to define AI agent skills. Every skill in the OpenClaw ecosystem is described by a single SKILL.md file that declares what the skill does, what permissions it needs, what tools it provides, and how the agent should behave when using it.
The format is human-readable Markdown with structured frontmatter, making it easy to audit, version-control, and share. When you run `npx clawhub@latest install
A typical SKILL.md file contains: - Name & Description — Human-readable identity of the skill - Permissions — Filesystem, network, and system access declarations - Tools — Named functions the skill exposes to the AI agent - Instructions — Behavioral guidelines for how the agent should use the skill - Input/Output Schema — Optional structured data definitions The permission declarations are critical for security. They tell users exactly what system resources the skill will access, enabling informed trust decisions before installation.
SKILL.md's transparency is a key security feature. Unlike opaque plugin binaries, SKILL.md files are plain text that anyone can read and audit. The ClawSkills directory uses SKILL.md content to generate security ratings and permission summaries. For a detailed guide on auditing SKILL.md files, see our security audit article.
No. A README documents a project for humans. SKILL.md is a machine-readable manifest that OpenClaw parses to understand a skill's capabilities and constraints. It's closer to a package.json than a README.
Yes. Any developer can create a SKILL.md file and publish it as an OpenClaw skill. See our guide on how to create OpenClaw skills for templates and examples.
If a skill accesses resources not declared in its SKILL.md, it's a red flag. Verified skills in the ClawSkills directory have been audited for permission accuracy.