OpenClaw’s ceiling depends heavily on how you use Skills. But Skills are also one of the fastest ways to make the system more expensive, less predictable, or less safe.
01 What a Skill Really Is
A Skill is an extension unit that expands what the agent can do.
Three levels of priority
It helps to think about Skills in three layers:
| Priority | Path | Scope |
|---|---|---|
| Highest | <workspace>/skills/ | Current project only |
| Middle | ~/.openclaw/skills/ | User-wide |
| Lowest | bundled skills | Built into OpenClaw |
If the same Skill exists at multiple levels, the higher layer wins.
That means you can override built-in behavior locally without changing how other projects behave.
02 How Skills Are Loaded
The rough loading flow looks like this:
- scan Skill directories
- read
SKILL.md - parse description, trigger rules, and required environment variables
- inject environment variables
- expose available Skill descriptions to the system prompt
- restore state after execution
The important point is that a Skill is not just a folder of notes. It actively changes what the model thinks it can do.
03 ClawHub and the Skill Registry
ClawHub is OpenClaw’s public Skill registry. Functionally, it plays the same broad role a package registry does for a programming ecosystem.
Marketplace size
| Metric | Value |
|---|---|
| Total registered Skills | 13,729 |
| Curated / selected Skills | 5,494 |
| Filtered-out entries | 6,940 |
| Malicious peak count | 800+ |
That should immediately make you cautious. The ecosystem is large, but large does not automatically mean trustworthy.
Common commands
openclaw skills install <skill-name>
openclaw skills search "browser automation"
openclaw skills list
openclaw skills uninstall <skill-name>04 Common Skill Categories
The heaviest categories tend to be:
- coding and IDE assistance
- web and frontend development
- DevOps and cloud tooling
- search and research
- browser automation
- productivity and task orchestration
Frequently used Skill types
| Skill | Typical use |
|---|---|
| Gmail / Google | Email, calendar, docs |
| Agent Browser | Browser automation |
| Summarize | Condense pages, video, and email |
| GitHub | Repos, PRs, Issues |
| Claude Code bridge | Coding workflows |
| Web Search | Live web lookup |
| File Manager | File operations |
| Calendar | Scheduling |
| Translator | Translation |
| Image Gen | Image generation |
One practical rule is simple: do not install too many Skills at once. Every Skill increases prompt surface area, complexity, and risk.
05 Building Your Own Skill
A Skill can stay very simple.
my-skill/
├── SKILL.md
├── scripts/
├── templates/
└── README.mdThe only required file is SKILL.md.
Minimal example
# My Custom Skill
## Description
Help the user write a structured daily work summary.
## Trigger
Activate when the user mentions a daily report, work summary, or status update.
## Instructions
1. Ask what work was completed today
2. Group items by project
3. Mark status
4. Output markdown
5. Save to ~/reports/YYYY-MM-DD.md
## Environment Variables
- REPORTS_DIR: output directoryInstallation locations
| Scope | Path | Effect |
|---|---|---|
| Project | <workspace>/skills/my-skill/ | Current project only |
| Global | ~/.openclaw/skills/my-skill/ | All workspaces |
Publishing
openclaw clawhub login
openclaw clawhub publish ./my-skill06 Skill Security
One of the most important ecosystem lessons is the ClawHavoc supply-chain incident.
Why it mattered
| Metric | Value |
|---|---|
| Affected devices | 135,000+ |
| Malicious Skill share at peak | About 20% |
| Initially confirmed malicious Skills | 341 |
| Later expanded detections | 800+ |
Attackers did not just hide obvious malware in random packages. They used seemingly legitimate descriptions, then tried to escalate through helper instructions and deeper persistence.
The most dangerous part is that a malicious Skill can influence long-lived agent state, including:
SOUL.mdMEMORY.md
Practical defenses
- Review source before installing
- Be suspicious of “install another helper” instructions
- Check
SOUL.mdandMEMORY.mdregularly - Prefer curated lists over random registry search
- Scan installed Skills
Example:
npm install -g secureclaw
secureclaw scan ~/.openclaw/skills/The core mindset is this: a Skill is trusted code. Treat it that way.