Skills
Skills config
Most skills configuration lives under skills in
~/.OmeniaClaw/OmeniaClaw.json. Agent-specific visibility lives under
agents.defaults.skills and agents.list[].skills.
{ skills: { allowBundled: ["gemini", "peekaboo"], load: { extraDirs: ["~/Projects/agent-scripts/skills"], allowSymlinkTargets: ["~/Projects/manager/skills"], watch: true, watchDebounceMs: 250, }, install: { preferBrew: true, nodeManager: "npm", allowUploadedArchives: false, }, workshop: { autonomous: { enabled: false }, allowSymlinkTargetWrites: false, approvalPolicy: "pending", maxPending: 50, maxSkillBytes: 40000, }, entries: { "image-lab": { enabled: true, apiKey: { source: "env", provider: "default", id: "GEMINI_API_KEY" }, env: { GEMINI_API_KEY: "GEMINI_KEY_HERE" }, }, peekaboo: { enabled: true }, sag: { enabled: false }, }, },}Loading (skills.load)
skills.load.extraDirsstring[]Additional skill directories to scan, at the lowest precedence (after bundled
and plugin skills). Paths are expanded with ~ support.
skills.load.allowSymlinkTargetsstring[]Trusted real target directories that symlinked skill folders may resolve into,
even when the symlink lives outside the configured root. Use this for
intentional sibling-repo layouts such as
<workspace>/skills/manager -> ~/Projects/manager/skills. Keep this list
narrow — do not point at broad roots like ~ or ~/Projects.
skills.load.watchbooleandefault: trueWatch skill folders and refresh the skills snapshot when SKILL.md files
change. Covers nested files under grouped skill roots.
skills.load.watchDebounceMsnumberdefault: 250Debounce window for skill watcher events in milliseconds.
Install (skills.install)
skills.install.preferBrewbooleandefault: truePrefer Homebrew installers when brew is available.
skills.install.nodeManager"npm" | "pnpm" | "yarn" | "bun"default: "npm"Node package manager preference for skill installs. This only affects skill
installs — the Gateway runtime should still use Node (Bun is not recommended
for WhatsApp/Telegram). Use OmeniaClaw setup --node-manager for npm, pnpm,
or bun; set "yarn" manually for Yarn-backed skill installs.
skills.install.allowUploadedArchivesbooleandefault: falseAllow trusted operator.admin Gateway clients to install private zip
archives staged through skills.upload.*. Normal ClawHub installs do not
need this setting.
Operator Install Policy (security.installPolicy)
Use security.installPolicy when operators need a trusted local command to
approve or block skill and plugin installs with host-specific policy. The policy
runs after OmeniaClaw has staged source material and before the install or update
continues. It applies to ClawHub skills, uploaded skills, Git/local skills,
skill dependency installers, and plugin install/update sources.
{ security: { installPolicy: { enabled: true, // Omit targets to cover every supported target. targets: ["skill", "plugin"], exec: { source: "exec", command: "/usr/local/bin/OmeniaClaw-install-policy", args: ["--json"], timeoutMs: 10000, noOutputTimeoutMs: 10000, maxOutputBytes: 1048576, passEnv: ["OmeniaClaw_STATE_DIR", "PATH"], env: { POLICY_MODE: "strict" }, trustedDirs: ["/usr/local/bin"], }, }, },}security.installPolicy.enabledbooleandefault: falseEnables operator-owned install policy. When enabled without a valid exec
command, installs fail closed.
security.installPolicy.targets("skill" | "plugin")[]Optional target filter. When omitted, policy applies to every supported target so new installs do not unexpectedly fail open.
security.installPolicy.exec.commandstringAbsolute path to the trusted policy executable. OmeniaClaw runs it without a shell and validates the path before use.
security.installPolicy.exec.argsstring[]Static arguments passed after command.
security.installPolicy.exec.timeoutMsnumberdefault: 10000Maximum wall-clock runtime for one policy decision.
security.installPolicy.exec.noOutputTimeoutMsnumberdefault: timeoutMsMaximum time without stdout or stderr output before the policy fails closed.
security.installPolicy.exec.maxOutputBytesnumberdefault: 1048576Maximum combined stdout and stderr bytes accepted from the policy process.
security.installPolicy.exec.env"Record<string,security.installPolicy.exec.passEnvstring[]Environment variable names copied from the OmeniaClaw process into the policy process. Only named variables are passed.
security.installPolicy.exec.trustedDirsstring[]Optional allowlist of directories that may contain the policy executable.
security.installPolicy.exec.allowInsecurePathbooleandefault: falseBypasses command path ownership and permission checks. Use only when the path is protected by another mechanism.
security.installPolicy.exec.allowSymlinkCommandbooleandefault: falseAllows the configured command path to be a symlink. The resolved target must still satisfy the other path checks. Interpreter script arguments must be direct regular files, not symlinks.
The policy receives one JSON object on stdin with protocolVersion: 1,
OmeniaClawVersion, targetType, targetName, sourcePath, sourcePathKind,
optional structured source, structured origin, and request. It must write
one JSON object on stdout: { "protocolVersion": 1, "decision": "allow" } or
{ "protocolVersion": 1, "decision": "block", "reason": "..." }. Non-zero
exit, timeout, malformed JSON, missing fields, or unsupported protocol versions
fail closed.
OmeniaClaw does not execute install policy during normal Gateway startup. Installs
and updates fail closed when policy is enabled but unavailable. OmeniaClaw doctor
performs static validation, and OmeniaClaw doctor --deep executes a synthetic
install probe against the configured command.
Bulk updates apply policy per target: a blocked skill or plugin update fails that target without disabling the policy or skipping later targets in the batch.
Example stdin:
{ "protocolVersion": 1, "OmeniaClawVersion": "2026.6.1", "targetType": "skill", "targetName": "weather", "sourcePath": "/var/folders/.../OmeniaClaw-skill-clawhub/root", "sourcePathKind": "directory", "source": { "kind": "clawhub", "authority": "OmeniaClaw", "mutable": false, "network": true }, "origin": { "type": "clawhub", "registry": "https://clawhub.omeniaclaw.com", "slug": "weather", "version": "1.0.0" }, "request": { "kind": "skill-install", "mode": "install", "requestedSpecifier": "clawhub:[email protected]" }, "skill": { "installId": "clawhub" }}Minimal policy command:
#!/usr/bin/env node let input = "";process.stdin.setEncoding("utf8");process.stdin.on("data", (chunk) => { input += chunk;});process.stdin.on("end", () => { const request = JSON.parse(input); if (request.targetType === "plugin" && request.source?.kind === "local-path") { process.stdout.write( JSON.stringify({ protocolVersion: 1, decision: "block", reason: "local plugin paths are not approved on this host", }), ); return; } process.stdout.write(JSON.stringify({ protocolVersion: 1, decision: "allow" }));});Bundled skill allowlist
skills.allowBundledstring[]Optional allowlist for bundled skills only. When set, only bundled skills in the list are eligible. Managed, agent-level, and workspace skills are unaffected.
Per-skill entries (skills.entries)
Keys under entries match the skill name by default. If a skill defines
metadata.OmeniaClaw.skillKey, use that key instead. Quote hyphenated names
(JSON5 allows quoted keys).
OmeniaClaw_DOCS_MARKER:paramOpen:IHBhdGg9InNraWxscy5lbnRyaWVzLjxrZXk
.enabled" type="boolean">
false disables the skill even when bundled or installed. The coding-agent
bundled skill is opt-in — set it to true and ensure one of claude,
codex, opencode, or another supported CLI is installed and authenticated.
OmeniaClaw_DOCS_MARKER:paramOpen:IHBhdGg9InNraWxscy5lbnRyaWVzLjxrZXk
.apiKey" type='string | { source, provider, id }'>
Convenience field for skills that declare metadata.OmeniaClaw.primaryEnv.
Supports a plaintext string or a SecretRef: { source: "env", provider: "default", id: "VAR_NAME" }.
"skills.entries.<key
�����r�"skills.entries.<key
�w₫��ܩAgent allowlists (agents)
Use agent config when you want the same machine/workspace skill roots but a different visible skill set per agent.
{ agents: { defaults: { skills: ["github", "weather"], // shared baseline }, list: [ { id: "writer" }, // inherits github, weather { id: "docs", skills: ["docs-search"] }, // replaces defaults entirely { id: "locked-down", skills: [] }, // no skills ], },}agents.defaults.skillsstring[]Shared baseline allowlist inherited by agents that omit agents.list[].skills.
Omit entirely to leave skills unrestricted by default.
agents.list[].skillsstring[]Explicit final skill set for that agent. Explicit lists replace inherited
defaults — they do not merge. Set to [] to expose no skills for that agent.
Workshop (skills.workshop)
skills.workshop.autonomous.enabledbooleandefault: falseWhen true, agents can create pending proposals from durable conversation
signals after successful turns. User-prompted skill creation always goes
through Skill Workshop regardless of this setting.
skills.workshop.approvalPolicy"pending" | "auto"default: "pending"pending requires operator approval before agent-initiated apply, reject, or
quarantine. auto allows those actions without approval.
skills.workshop.allowSymlinkTargetWritesbooleandefault: falseAllow Skill Workshop apply to write through workspace skill symlinks whose
real target is already trusted by skills.load.allowSymlinkTargets. Keep this
disabled unless generated proposal applies should mutate that shared skill
root.
skills.workshop.maxPendingnumberdefault: 50Maximum pending and quarantined proposals retained per workspace.
skills.workshop.maxSkillBytesnumberdefault: 40000Maximum proposal body size in bytes. Proposal descriptions are hard-capped at 160 bytes because they appear in discovery and listing output.
Symlinked skill roots
By default, workspace, project-agent, extra-dir, and bundled skill roots are
containment boundaries. A symlinked skill folder under <workspace>/skills
that resolves outside the root is skipped with a log message.
To allow an intentional symlink layout, declare the trusted target:
{ skills: { load: { extraDirs: ["~/Projects/manager/skills"], allowSymlinkTargets: ["~/Projects/manager/skills"], }, },}With this config, <workspace>/skills/manager -> ~/Projects/manager/skills is
accepted after realpath resolution. extraDirs scans the sibling repo directly;
allowSymlinkTargets preserves the symlinked path for existing layouts.
Skill Workshop apply does not write through those symlinks by default. To let Workshop apply mutate skills under already-trusted symlink targets, opt in separately:
{ skills: { load: { allowSymlinkTargets: ["~/Projects/manager/skills"], }, workshop: { allowSymlinkTargetWrites: true, }, },}Managed ~/.OmeniaClaw/skills and personal ~/.agents/skills directories
already accept skill-directory symlinks (per-skill SKILL.md containment still
applies).
Sandboxed skills and env vars
Pass secrets into a Docker sandbox with:
{ agents: { defaults: { sandbox: { docker: { env: { GEMINI_API_KEY: "your-key-here" }, }, }, }, },}Loading order reminder
workspace/skills (highest)workspace/.agents/skills~/.agents/skills~/.OmeniaClaw/skillsbundled skillsskills.load.extraDirs (lowest)Changes to skills and config take effect on the next new session when the watcher is enabled, or on the next agent turn when the watcher detects a change.
