Chapter 15: Skills — Giving Your Agent Superpowers
An OpenClaw agent without skills can only read and write text. Skills are the tools that let your agent take action in the real world: run shell commands, read and write files, search the web, query databases, call APIs, and more. This chapter covers every built-in skill and how to configure each one.
How Skills Work
When a user sends a message, the agent decides whether to respond directly or to invoke a skill first. Skills follow the Model Context Protocol (MCP) — each skill exposes a set of tools that the AI can call, observe the result of, and then use to compose its final response.
Skills are enabled per-workspace. A user in the public workspace might only have web-search, while a user in the admins workspace has full access to bash, files, github, and more.
Enabling Skills
{
"workspaces": [
{
"id": "dev-team",
"agent": "balanced",
"skills": ["bash", "files", "web-search", "github"]
}
]
}
Built-in Skills Reference
bash — Run Shell Commands
Lets the agent execute shell commands on the host machine.
{
"skills": {
"bash": {
"enabled": true,
"allowedCommands": ["ls", "cat", "grep", "find", "git", "npm", "python3", "node"],
"blockedCommands": ["rm -rf", "sudo", "chmod 777", "curl | bash"],
"timeout": 30000,
"workingDirectory": "/home/user/projects",
"maxOutputLength": 10000
}
}
}
| Field | Description |
|---|---|
allowedCommands | Only these command prefixes are permitted |
blockedCommands | These patterns are always denied, even if in allowlist |
timeout | Max milliseconds before the command is killed |
workingDirectory | Default directory for command execution |
maxOutputLength | Truncate output longer than this (in characters) |
files — Read and Write Files
Lets the agent read, write, and list files on the filesystem.
{
"skills": {
"files": {
"enabled": true,
"allowedPaths": ["/home/user/projects", "/tmp"],
"blockedPaths": ["/etc", "/root", "/var/log", "/home/user/.ssh"],
"maxFileSize": "10MB",
"allowWrite": true,
"allowDelete": false
}
}
}
Set allowDelete: false to prevent the agent from removing files even if asked.
web-search — Search the Internet
Lets the agent search the web and retrieve current information.
{
"skills": {
"web-search": {
"enabled": true,
"provider": "brave",
"apiKey": "${BRAVE_SEARCH_API_KEY}",
"maxResults": 5,
"safeSearch": true
}
}
}
| Provider | provider value | API Key Required |
|---|---|---|
| Brave Search | brave | Yes |
| Tavily | tavily | Yes |
| SerpAPI | serpapi | Yes |
| DuckDuckGo | duckduckgo | No |
web-fetch — Fetch Web Pages
Lets the agent retrieve and read the content of specific URLs.
{
"skills": {
"web-fetch": {
"enabled": true,
"allowedDomains": [],
"blockedDomains": ["localhost", "192.168.", "10.", "172.16."],
"maxContentLength": "1MB",
"timeout": 15000
}
}
}
Leaving allowedDomains empty permits all domains (except blocked ones).
github — GitHub Integration
Lets the agent read repositories, create issues, open pull requests, and more.
{
"skills": {
"github": {
"enabled": true,
"token": "${GITHUB_TOKEN}",
"allowedRepos": ["myorg/repo1", "myorg/repo2"],
"allowWrite": true
}
}
}
Available operations: read files, list issues, create issues, comment on PRs, read PR diffs, check CI status.
database — Query Databases
Lets the agent run read-only SQL queries against your databases.
{
"skills": {
"database": {
"enabled": true,
"connections": {
"main": {
"type": "postgresql",
"url": "${DATABASE_URL}",
"readOnly": true,
"allowedTables": ["users", "orders", "products"],
"maxRows": 100
}
}
}
}
}
| Type | type value |
|---|---|
| PostgreSQL | postgresql |
| MySQL | mysql |
| SQLite | sqlite |
Always set readOnly: true unless you specifically need write access.
memory — Persistent Memory
Lets the agent store and retrieve facts across sessions.
{
"skills": {
"memory": {
"enabled": true,
"storageType": "file",
"storagePath": "~/.openclaw/memory",
"maxEntriesPerUser": 500,
"autoSummarize": true
}
}
}
With memory enabled, users can say things like "Remember that I prefer Python" and the agent will recall it in future sessions.
image-generation — Create Images
Lets the agent generate images on request.
{
"skills": {
"image-generation": {
"enabled": true,
"provider": "openai",
"apiKey": "${OPENAI_API_KEY}",
"model": "dall-e-3",
"defaultSize": "1024x1024",
"maxImagesPerRequest": 2
}
}
}
Skill Permissions Summary
| Skill | Risk Level | Recommended For |
|---|---|---|
web-search | Low | All workspaces |
web-fetch | Low–Medium | Team workspaces |
memory | Low | All workspaces |
files (read-only) | Medium | Team workspaces |
github (read-only) | Medium | Dev workspaces |
bash | High | Admin workspaces only |
database | High | Admin workspaces only |
files (write) | High | Admin workspaces only |
Checking Available Skills
openclaw skills list
Skill Status Workspace
---------------- --------- ----------
bash enabled admins
files enabled admins, dev-team
web-search enabled admins, dev-team, public
memory enabled all
github disabled —
Next: Chapter 16 — ClawHub: The Package Registry for Skills — How to discover, install, and publish skills through OpenClaw's community registry.