Skill Permission Architecture
Every OpenClaw skill must declare its required permissions in the SKILL.md frontmatter. The agent enforces these permissions at runtime — a skill cannot access resources beyond what it has declared, even if the underlying LLM generates instructions to do so.
Permission Types
- fileAccess: Directories and files the skill can read or write. Supports glob patterns.
- commands: Shell commands the skill is allowed to execute.
- network: External hosts and APIs the skill can connect to.
- environment: Environment variables the skill can read.
Permission Inheritance
Skill permissions are intersected with your global security configuration. If your global allowlist permits git and npm but a skill only declares git, the skill can only use git. Conversely, if a skill declares rm but your global allowlist does not include it, the skill cannot use rm.
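The intersection rule above as an added Python sketch; it is not OpenClaw's own code. The policy dictionaries, function names, and glob semantics are assumptions constructed for illustration; only the four permission type names come from this page.

```python
import fnmatch
import posixpath

# Constructed sample data using the four permission types named on this page.
GLOBAL_POLICY = {
    "fileAccess": ["/workspace/*"],
    "commands": ["git", "npm"],
    "network": ["api.github.com"],
    "environment": ["HOME", "GIT_*"],
}
SKILL_DECLARED = {
    "fileAccess": ["/workspace/reports/*", "/etc/*"],
    "commands": ["git", "rm"],
    "network": ["api.github.com", "example.invalid"],
    "environment": ["GIT_AUTHOR_NAME"],
}


def _matches(kind, value, patterns):
    """True if value matches any pattern in the list for this permission type."""
    if kind == "fileAccess":
        # Normalise first so a "../" sequence cannot make a path outside
        # the allowed tree look like it sits inside it.
        value = posixpath.normpath(value)
    # Assumption of this sketch: fnmatch semantics, where "*" also matches "/".
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(kind, value, skill=SKILL_DECLARED, policy=GLOBAL_POLICY):
    """Allow a request only if BOTH the skill declaration and the global policy permit it."""
    return (_matches(kind, value, skill.get(kind, []))
            and _matches(kind, value, policy.get(kind, [])))


def blocked_declarations(kind, skill=SKILL_DECLARED, policy=GLOBAL_POLICY):
    """Declared literal entries (commands, hosts) that the global policy will still deny."""
    return [v for v in skill.get(kind, [])
            if not _matches(kind, v, policy.get(kind, []))]


if __name__ == "__main__":
    for cmd in ("git", "npm", "rm"):
        print(cmd, is_allowed("commands", cmd))
    print(is_allowed("fileAccess", "/workspace/reports/../../etc/passwd"))
    print(blocked_declarations("commands"), blocked_declarations("network"))
```

Checking each request against both lists at access time gives the intersection without having to compute the overlap of two glob sets.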
Reviewing Permissions Before Install
```bash
# Inspect a skill's required permissions
openclaw skill inspect daily-standup-report

# Compare against your security policy
openclaw skill check-compatibility daily-standup-report
```
Best Practices
- Follow the principle of least privilege — declare only what you actually need
- Use specific paths instead of wildcards where possible
- Document why each permission is needed in your SKILL.md