OpenClaw Skills
Learn how OpenClaw Skills use AgentSkills-compatible folders, workspace precedence, ClawHub, metadata gates, secrets handling, and governance.
12 min read
How OpenClaw Skills Work
OpenClaw Skills combine AgentSkills-compatible folders with workspace precedence, managed installs, ClawHub workflows, load-time gates, and explicit security guidance for untrusted skills.
Source checked against OpenClaw skills docs
OpenClaw uses AgentSkills-compatible folders with SKILL.md frontmatter and instructions.
Workspace skills have precedence over managed/local skills, which have precedence over bundled skills.
OpenClaw security notes explicitly warn that third-party skills should be treated as untrusted code.
Primary file: SKILL.md
Workspace path: <workspace>/skills
Precedence: workspace > managed/local > bundled
Config: ~/.openclaw/openclaw.json
Good fit: Agent workspaces that need per-agent skills, shared machine-level skills, and optional registry-based install/update flows.
Watch closely: Environment injection, apiKey convenience fields, binary requirements, and sandbox differences all affect risk.
Governance move: Inventory enabled entries, required binaries, env injections, and ClawHub-managed skills before broad rollout.
OpenClaw Skills use AgentSkills-compatible folders to teach the agent how to use tools and follow workflows. Each skill is a directory with SKILL.md frontmatter and instructions.
OpenClaw adds platform-specific behavior around precedence, plugin participation, registry workflows, metadata gating, and environment injection.
Locations and Precedence
OpenClaw guide
OpenClaw loads bundled skills, managed or local skills, and workspace skills. Workspace skills have the highest precedence, followed by managed/local skills, then bundled skills.
That precedence is useful for team overrides, but it means two machines or workspaces can resolve the same skill name differently unless the active source is logged.
Bundled skills ship with the install.
Managed/local skills live under ~/.openclaw/skills.
Workspace skills live under <workspace>/skills.
Extra directories can be configured through skills.load.extraDirs at lower precedence.
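To log which source is active for each skill name, the sketch below walks the tiers in precedence order and records the winner, the hash of its SKILL.md, and every shadowed copy. It is an added example, not OpenClaw's own loader or code from the OpenClaw docs. Assumptions: a skill is identified by its folder name, the bundled directory is supplied by the caller, and roots from skills.load.extraDirs can be appended to the list wherever your deployment places them.

```python
import hashlib
import tempfile
from pathlib import Path

def resolve_skills(sources):
    """sources: ordered (label, Path) pairs, highest precedence first.
    Returns {skill: {"winner", "path", "sha256", "shadowed"}} as audit evidence."""
    resolved = {}
    for label, root in sources:
        if not root.is_dir():
            continue  # a tier may legitimately be absent on this host
        for skill_dir in sorted(p for p in root.iterdir() if p.is_dir()):
            manifest = skill_dir / "SKILL.md"
            if not manifest.is_file():
                continue  # folder without SKILL.md is not a skill
            entry = resolved.get(skill_dir.name)
            if entry is None:  # first hit comes from the highest tier, so it wins
                resolved[skill_dir.name] = {
                    "winner": label,
                    "path": str(manifest),
                    "sha256": hashlib.sha256(manifest.read_bytes()).hexdigest(),
                    "shadowed": [],
                }
            else:  # same name in a lower tier: present on disk but not active
                entry["shadowed"].append(label)
    return resolved

def build_demo_tree(base):
    """Constructed sample layout; real roots are <workspace>/skills,
    ~/.openclaw/skills and the install's bundled skills directory."""
    roots = {"workspace": base / "ws" / "skills",
             "managed": base / "home" / ".openclaw" / "skills",
             "bundled": base / "bundled"}
    layout = {"workspace": ["deploy"], "managed": ["deploy", "triage"],
              "bundled": ["deploy", "triage", "notes"]}
    for tier, names in layout.items():
        for name in names:
            (roots[tier] / name).mkdir(parents=True)
            (roots[tier] / name / "SKILL.md").write_text(f"{tier} copy of {name}\n")
    return [(tier, roots[tier]) for tier in ("workspace", "managed", "bundled")]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return resolve_skills(build_demo_tree(Path(tmp)))

if __name__ == "__main__":
    for name, info in sorted(demo().items()):
        print(name, info["winner"], info["sha256"][:12], "shadows:", info["shadowed"])
```

Comparing the recorded hashes across machines shows when the same skill name resolves to different content, and a non-empty shadowed list flags an override worth reviewing.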
Plugins and ClawHub
OpenClaw plugins can ship their own skills, and ClawHub provides a public registry for discovering, installing, updating, and syncing skills.
Registry-based installation changes the supply-chain conversation. Teams should track source, version, maintainer, and update cadence for every installed skill.
Do not over-port platform behavior
Format and Load-Time Gating
OpenClaw follows the AgentSkills layout intent but documents additional metadata options. Skills can be filtered by operating system, required binaries, environment variables, config values, and installer metadata.
The practical effect is that a skill can appear or disappear depending on host capabilities and configuration. Sandboxed runs may need the same binary installed inside the sandbox, not only on the host.
Permissions and Security
OpenClaw's own documentation says third-party skills should be treated as untrusted code. That is the right default for any skill that can influence tools, inject environment values, or point agents at scripts.
The platform also documents env and apiKey injection into the host process for an agent turn. Those values must not be copied into prompts, examples, transcripts, or skill output.
Read third-party SKILL.md files and helpers before enabling them.
Prefer sandboxed runs for untrusted inputs or risky tools.
Keep secrets out of prompts, logs, and skill-authored examples.
Verify required binaries exist in the sandbox when sandboxing is enabled.
Enterprise Governance Checklist
OpenClaw's flexible loading model should be paired with an inventory of skill locations, enabled config entries, injected environment variables, and registry sources.
For enterprise workflows, centralize audit evidence around which skill source won precedence, which env values were available, and what files or tools the skill caused the agent to touch.
Govern OpenClaw Skills with tracked agent work
VibeFlow connects reusable agent workflows to work items, execution logs, commit records, security review, QA, and durable project context. That audit trail makes skills reviewable instead of invisible prompt behavior.