AI Agents
Aadithyan
AadithyanJul 14, 2026

Learn what OpenClaw skills are, how SKILL.md works, how to install and create skills, and how to vet ClawHub downloads for security risks.

What Are OpenClaw Skills? Installation, Usage and Security Guide

An OpenClaw skill is a folder with a SKILL.md file that teaches an OpenClaw agent how and when to use a tool. The SKILL.md file holds YAML frontmatter plus Markdown instructions. That's the whole skill.

OpenClaw is an open-source AI agent that runs locally on your machine. A skill gives that agent a new capability, like reading your calendar or scraping a web page.

Here's the key idea: a skill is instructions, not code. It isn't a plugin, and it isn't a program you compile. It's a plain-text guide that tells the agent what a tool does and when to reach for it.

How a Skill Is Structured (the SKILL.md file)

Every skill starts with a SKILL.md file. The top of the file is YAML frontmatter with two main fields:

  • name: a short, unique identifier for the skill.
  • description: a plain-English summary of what the skill does and when to use it.
  • Optional gating fields: required tools, binaries, or environment variables the skill needs before it can run.

The description field does the heavy lifting. The agent reads your request, then matches it against each skill's description to decide which one fits. You never call a skill by name yourself.

Below the frontmatter, you write the actual instructions in Markdown. A minimal skill looks like this:

markdown
---
name: summarize-url
description: Fetch a web page and return a short summary. Use when the user shares a link and asks what it says.
---

# Summarize a URL

1. Fetch the page content at the given URL.
2. Return a 3-sentence summary of the main points.

That's a complete, working skill. Two frontmatter fields and a few lines of instructions.

Skills vs Plugins vs APIs

These three terms get mixed up, so here are quick definitions:

  • Skill: the instruction manual. It tells the agent how and when to use a tool.
  • Plugin: a bundle that can ship one or more skills plus the tools they depend on.
  • API: the external service the skill's instructions call. The skill points at it; the API does the work.

A skill often relies on an API to get real work done. The skill is the "when and how," and the API is the "what."

How OpenClaw Loads and Prioritizes Skills

OpenClaw pulls skills from several locations at once and merges them into one list. When two skills share the same name, the highest-priority source wins. This lets you override a shared skill with your own version.

Understanding the load order matters because it explains why a skill you installed might get shadowed by another one. Here's the precedence, from highest priority to lowest.

PriorityLocationScope
1 (highest)Workspace skills/Current project only
2Project or personal agent skillsThe agent you're running
3Managed ~/.openclaw/skillsShared across agents
4Bundled skillsShip with OpenClaw
5 (lowest)Extra configured directoriesCustom paths you add

Workspace skills are visible only inside that project. Managed skills in ~/.openclaw/skills are shared across every agent you run. On a name collision, the higher source in the table wins.

Gating: Why a Skill Might Not Show Up

A skill can declare requirements before it's allowed to run. These are called gates. Common gates include required binaries (requires.bins), environment variables, and config values.

If a gate isn't met, the skill isn't eligible, and the agent won't see it. For example, a skill that needs rg (ripgrep) or jq stays hidden until those tools are on your PATH.

Key point: the gateway's PATH can differ from your terminal's PATH. A tool you can run in your shell may still be invisible to OpenClaw.

Key point: skills are snapshotted when a session starts. After you install a new tool or skill, restart the gateway so OpenClaw picks up the change.

How to Install OpenClaw Skills

There are two main ways to add a skill: install one from the ClawHub registry, or create the folder yourself by hand. Most people start with ClawHub for popular skills and write manual skills for custom needs.

RouteBest forCommand
ClawHubPopular, shared skillsclawhub install <skill-slug>
ManualCustom or private skillsCreate a SKILL.md folder yourself

Installing from ClawHub

ClawHub is the public registry where developers publish skills. Install the CLI, then install a skill by its slug:

bash
npm i -g clawhub
clawhub install <skill-slug>
# or, using the OpenClaw CLI directly:
openclaw skills install @owner/<slug>

The skill lands in your workspace or managed skills directory. Restart the gateway so the new skill loads, then confirm it worked:

bash
openclaw skills list

Your new skill should appear in the output. If it doesn't, check that its gates are met and that you restarted after installing.

Installing or Writing One Manually

To write a skill by hand, create a folder with a SKILL.md file inside ~/.openclaw/skills or your workspace skills/ directory. Add the minimal frontmatter (a name and a description) followed by your instructions.

The agent picks up the new skill on its next session. No build step, no publishing.

If you'd rather have the agent draft a skill for you, use the Skill Workshop. It's the governed way to have OpenClaw write and refine a skill so the format stays correct.

The Best OpenClaw Skills by Category

The most useful skills tend to fall into a few categories: productivity, coding, communication, and web data. Below is a sample of widely-used skills to show what's out there.

Bundled first-party skills are the safest place to start, since they ship with OpenClaw and don't come from third-party publishers.

Productivity, Coding, and Communication Skills

Here are common skill categories with an example and what you can build with each:

CategoryExample skillWhat to build
ProductivityGoogle Workspace (Gmail, Calendar, Drive)Draft replies and schedule events
CodingGitHub (PRs, CI)Open pull requests and check builds
CommunicationSlack / DiscordPost updates and summarize threads
NotesObsidian / NotionCapture and organize notes
SummarizingSummarizeCondense long documents
HomeHome AssistantControl smart-home devices

The Missing Category: Reliable Web Data

Agents constantly need to read the live web. They research topics, monitor competitors, and pull fresh facts to act on. This is one of the most common jobs people give an agent.

Yet "browse the web" skills are usually the weakest link. A skill that returns a broken or empty page is worse than no skill at all, because the agent acts on bad data. This is where reliable web data matters, and it's central to web scraping in agentic workflows.

Giving Your Agent Reliable Web Data

A web-data skill is only as good as the data it returns. If the page comes back empty or blocked, every step after it fails.

Naive browser automation breaks in three predictable ways. The next sections cover each failure mode and what a good web-data skill should do instead.

Why "Just Browse the Web" Skills Break

Simple browser skills fail on real websites for three reasons:

  • JavaScript rendering: many sites build their content with JavaScript. A naive scraper that reads raw HTML gets an empty shell instead of the real page. You need a tool that renders JavaScript-rendered pages in a real browser.
  • Anti-bot defenses: the open web now blocks automated traffic aggressively. According to the 2025 Imperva Bad Bot Report, automated bot traffic made up 51% of all web traffic in 2024, with malicious bots accounting for 37%, up from 32% in 2023. Sites fight back, and a basic skill gets blocked.
  • Scale: browsing one page at a time collapses across hundreds of URLs. It's slow, and it fails partway through.

What a Good Web-Data Skill Should Do

A reliable web-data skill should hand the agent clean, structured content every time. Use this checklist:

  • Return clean output: deliver Markdown or schema-defined JSON, not raw HTML the agent has to untangle.
  • Render JavaScript by default: load every page in a real browser so dynamic content shows up.
  • Rotate residential proxies: use premium residential IPs to avoid bot detection.
  • Handle batches: process many URLs at once instead of one at a time, which is where batch web scraping earns its keep.
  • Expose one endpoint: give the skill a single API to call so the SKILL.md stays a thin instruction file.

The cleanest way to meet this checklist is to point the skill at a managed service. A web scraping API abstracts the browser infrastructure, proxies, and rendering, so your skill stays simple.

How to Wire a Web-Data API into a Skill

The pattern is straightforward. Your SKILL.md instructs the agent to call a web-data endpoint with a URL and get back clean content. The skill file holds the instructions; the API does the scraping.

For tool-native access, connect through Olostep's MCP server so the agent can call the web-data tool directly. For a concrete walkthrough, see this guide on how to connect a web-data tool to your agent.

If you're weighing build versus buy, you can start free and scale with transparent per-request pricing. That lets you test the skill before committing to your own scraping stack.

Are OpenClaw Skills Safe? Security Risks and How to Vet Them

Skills are not inherently safe. Anyone can publish one, so treat installing a skill like running someone else's code on your machine.

The risk is real and measured. According to Koi Security's ClawHavoc audit, a February 2026 review of all 2,857 skills then on ClawHub found 341 malicious skills, 335 of them from what appears to be a single campaign.

Flaws are common even outside outright attacks. Per Snyk's ToxicSkills research, a February 2026 audit of 3,984 skills found that 13.4% contain at least one critical-level security issue, and 36.82% have at least one security flaw of any severity.

A Checklist Before You Install Any Skill

Run through this list before adding any third-party skill:

  • Check the ClawHub scan: verify the registry's security scan result first.
  • Read the SKILL.md yourself: open the file and see what it actually instructs the agent to do.
  • Apply a downloads and age heuristic: favor skills with real usage and history over brand-new ones.
  • Match permissions to purpose: be suspicious if a skill requests more access than its job requires.
  • Start read-only: give a new skill limited access before you trust it with writes.
  • Run in isolation: test unfamiliar skills in an isolated environment first.
  • Prefer bundled first-party skills: they're the safest starting point.

This matters because of the low publishing barrier: Snyk notes that publishing a skill on ClawHub takes only a SKILL.md Markdown file and a GitHub account that's one week old, with no code signing, no security review, and no sandbox by default.

Frequently Asked Questions

What are OpenClaw skills?

OpenClaw skills are folders containing a SKILL.md file that teaches a locally-running OpenClaw agent how and when to use a specific tool.

How do I install an OpenClaw skill?

Install the ClawHub CLI with npm i -g clawhub, run clawhub install <skill-slug>, then restart the gateway so the skill loads.

Where are OpenClaw skills stored?

Skills live in a few places, most commonly your workspace skills/ folder or the managed ~/.openclaw/skills directory shared across agents.

Are OpenClaw skills safe to use?

Not inherently, since anyone can publish one, so read the SKILL.md and check the ClawHub scan before installing any third-party skill.

Can I build my own OpenClaw skill?

Yes, just create a folder with a SKILL.md file that has a name, a description, and your instructions, and the agent picks it up next session.

Conclusion: Start Small, Stay Safe

OpenClaw skills are simple instruction files that turn a plain agent into a useful one. You don't need to write code, just a SKILL.md file with a clear description.

Start with a couple of bundled first-party skills, since they're the safest. Vet everything you install from ClawHub, read the SKILL.md yourself, and match permissions to purpose.

Most of all, give your agent a reliable web-data layer instead of a brittle browser skill. Clean Markdown, rendered JavaScript, and rotating proxies are the difference between an agent that reads the web and one that acts on bad data. You can try a managed web-data layer free and see the difference on your own URLs.

About the Author

Aadithyan Nair

Founding Engineer, Olostep · Dubai, AE

Aadithyan is a Founding Engineer at Olostep, focusing on infrastructure and GTM. He's been hacking on computers since he was 10 and loves building things from scratch (including custom programming languages and servers for fun). Before Olostep, he co-founded an ed-tech startup, did some first-author ML research at NYU Abu Dhabi, and shipped AI tools at Zecento, RAEN AI.

On this page

Read more