Creating Custom Skills
Overview
OpenClaw skills are plugins that add new capabilities to your AI agent-extra tools, actions, and integrations. You can write them in TypeScript or define workflows in YAML/TypeScript. Skills run in your OpenClaw instance and can call external APIs, run scripts, or expose custom actions the LLM can invoke. You keep skills private for your own use or publish them to ClawHub for the community (with an 80% revenue share for creators).
What you'll learn:
- Anatomy of an OpenClaw skill (manifest, tools, actions)
- Setting up a development environment
- Step-by-step: create, implement, and test a skill locally
- Publishing to ClawHub and monetization
- Security best practices for skill authors (avoid credential leaks)
- Common pitfalls and troubleshooting
Prerequisites
- OpenClaw installed and running (quick start guide, installation hub)
- At least one channel configured (e.g. Telegram or Discord) for testing
- Basic familiarity with configuration and OpenClaw config
- Node.js 22+ and npm (for TypeScript skills)
- Understanding of skills security and security best practices-skills can access credentials and the host; write secure code
Anatomy of an OpenClaw Skill
A skill typically includes:
- Manifest: Name, version, description, and metadata so OpenClaw and ClawHub can load and display the skill.
- Tools / actions: Operations the LLM can call (e.g. "search_web", "send_email"). Each tool has a name, description, parameters (schema), and handler code.
- Handlers: Your TypeScript or YAML-defined logic that runs when the agent invokes a tool-call APIs, run shell commands (with care), or process data.
The exact structure and APIs are defined in the official OpenClaw documentation; the gateway discovers skills from configured paths and exposes their tools to the agent. See official docs for the current schema and examples.
Development Environment
Before writing a skill:
- Ensure OpenClaw is up to date:
openclaw updateandopenclaw status. - Create a dedicated directory for your skill (e.g.
~/.openclaw/skills/my-skillor a folder you add to the config skill paths). - For TypeScript skills: use Node 22+, npm or pnpm, and the build tool recommended in the official skill template (e.g.
tsuportsc). - Point OpenClaw config to your local skill path so you can load the skill without publishing (see advanced configuration for custom skill paths).
Step-by-Step: Create and Test a Skill
Step 1: Create the skill project
Initialize a new skill package with the structure required by OpenClaw (manifest file, entry point). Use the official skill template from the OpenClaw repo or docs if available; otherwise follow the manifest and tool schema from official documentation.
# Example: create directory and minimal package
mkdir -p ~/.openclaw/skills/my-skill
cd ~/.openclaw/skills/my-skill
npm init -y
# Add OpenClaw skill types and build step per official templateStep 2: Define tools and actions
Define each tool your skill provides: name, description (used by the LLM to decide when to call it), and parameter schema. Implement the handler so it performs the action (e.g. HTTP request, file read) and returns a result the agent can use. Never log or expose API keys or secrets; use environment variables and the platform's secret handling.
Step 3: Test locally
Install or link your skill so OpenClaw loads it (via config skill path or openclaw skills install with a local path if supported). Restart the gateway, then trigger the agent from a connected Telegram or Discord channel and ask it to use your new capability. Check openclaw logs --follow for errors. Run openclaw security audit to catch credential leaks or unsafe patterns-see skills security.
openclaw restart
openclaw logs --follow
# In another terminal or via chat: ask agent to use your skill
openclaw security auditStep 4: Publish to ClawHub (optional)
Once tested and secure, you can publish your skill to the ClawHub marketplace. ClawHub lets users discover and install community skills. As a creator, you can monetize: the marketplace offers an 80% revenue share for skill sales. Follow ClawHub's publishing guidelines (packaging, versioning, and security review). For business ideas around selling skills and automation, see monetization and selling workflows.
Security Best Practices for Skill Authors
Skills run with access to the OpenClaw environment and can receive credentials. Security issues in skills have made news (e.g. credential leaks in some ClawHub skills). As a developer:
- Never log or expose secrets: Use env vars or the platform's secret store; don't put keys in code or error messages.
- Validate inputs: Sanitize user and LLM-provided inputs to avoid injection or abuse.
- Limit permissions: Only request the minimum permissions your skill needs; avoid broad shell or file access unless necessary.
- Pin dependencies: Use lockfiles and pinned versions to reduce supply-chain risk.
- Run and recommend audits: Use
openclaw security auditand document that users should run it; see skills security and security skills.
For a full checklist, see security best practices and security checklist.
Common Issues & Solutions
| Issue | Cause | Solution |
|---|---|---|
| Skill not loaded | Path not in config or wrong manifest | Check file structure and skill paths in advanced config; ensure manifest matches schema in official docs |
| Tool not visible to agent | Description too vague or schema invalid | Improve tool description for LLM; validate parameter schema per docs |
| Credential leak / security audit failure | Secrets in code or logs | Move to env vars; remove from logs; run openclaw security audit and fix reported issues; see skills security |
| Skill works locally but fails after install | Missing env vars or permissions on target system | Document required env vars; test in a clean environment; check troubleshooting |
| Build or TypeScript errors | Wrong Node version or missing types | Use Node 22+; install OpenClaw skill types from official repo; follow official skill template |
Need more help? See the troubleshooting hub and skills issues, or ask in the Discord community.
Advanced Tips
- Combine several tools in one skill for a cohesive capability (e.g. "GitHub skill" with pr_list, pr_comment, issue_create).
- Use the agent's persistent memory from within skills when the API allows, for context-aware behavior.
- Integrate with external services via HTTP clients and webhooks; avoid hardcoding endpoints and secrets.
- Consider development workflow use cases (code review, CI/CD, monitoring) when designing skills for developers.
For gateway and config limits, see advanced configuration.
FAQ
What language can I use to write OpenClaw skills?
OpenClaw supports custom skills written in TypeScript and workflows defined in YAML or TypeScript. The official documentation and templates use TypeScript; check official docs for the current skill API.
Can I keep my skill private?
Yes. You can develop and run skills locally or on your own instance without publishing to ClawHub. Only publish when you want to share or monetize.
How do I publish and earn from my skill?
Publish to the ClawHub marketplace. ClawHub offers an 80% revenue share for creators. See monetization and selling workflows for business guidance.
Where is the official skill API documentation?
The exact schema and APIs are maintained in the official OpenClaw documentation. We link to it from official docs; use that for manifest format, tool registration, and version-specific details.
Related Resources
🔧 Config & Security
💬 Community & Docs
Next Steps
After creating your skill:
- Browse ClawHub for inspiration and to publish your skill
- Audit and harden your skill with the skills security guide
- Explore use cases (e.g. development workflows) for more ideas
- Monetization guide-turn skills and workflows into income