> skills
Skills are SKILL.md instruction files — YAML frontmatter plus markdown — that teach an agent when and how to use a tool. They load by priority (workspace beats project beats personal beats managed beats bundled), and you install them from ClawHub (the public registry), a Git repo, or a local folder. Because a skill is code the agent runs, treat third-party skills as untrusted: read them, and verify ClawHub installs against their trust envelope.
// skills
4 commands// faq
Where do skills install and how do I share them across agents?
openclaw skills install @owner/<slug> installs into the active workspace's skills/ directory, visible to that workspace only. Add --global to install into the shared ~/.openclaw/skills so every local agent sees it, unless an agent's skills allowlist narrows the set. A non-empty agents.list[].skills is the final set — it does not merge with defaults.
How do I install a skill that is not on ClawHub?
openclaw skills install git:owner/repo@ref installs from Git, and openclaw skills install ./path installs from a local folder. Both expect SKILL.md at the source root; the slug comes from its frontmatter name, falling back to the directory or repo name, and --as <slug> overrides it.
Why does openclaw skills update not update my skill?
openclaw skills update --all only tracks ClawHub installs, which record their origin in .clawhub/origin.json. Git and local skills are skipped by update — reinstall them from source to pick up changes. Add --global to update the shared managed skills instead of the workspace set.
Are third-party skills safe to install?
Treat them as untrusted code, because the agent executes their instructions. Read the SKILL.md before enabling, run openclaw skills verify @owner/<slug> to check the ClawHub trust envelope, and use openclaw skills check to see how much prompt budget the enabled skills consume. Path containment blocks symlink breakout, but it does not vet intent.