Why OpenClaw Skills Auto-Load (And How to Whitelist Them)
Bundled skills auto-load if the CLI tool exists on your system. It's "everything unless disabled" — not "nothing unless installed."
FFmpeg installed? Your agent can process videos. Docker running? It can spin up containers. Your agent might have access to tools you forgot were even installed.
Why That's a Risk
Every active skill is a capability your agent can use — or misuse. A compromised prompt or poorly-worded request can trigger tools you didn't expect.
"Clean up old files" → agent uses Docker to remove stopped containers. "Process this data" → it hits external APIs through a bundled HTTP skill.
How to Whitelist
In openclaw.json, use skills.allowBundled:
{
  "skills": {
    "allowBundled": [
      "git",
      "github",
      "slack",
      "calendar"
    ]
  }
}

Now only those four skills are active — regardless of what's installed on your machine.
The Right Approach
- Start minimal. Only whitelist what you need today.
- Add as needed. Agent can't do something you want? Add that skill.
- Review periodically. Remove anything you haven't used in a few weeks.
The goal isn't to cripple your agent. It's to know exactly what it can do. No surprises.
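To make the periodic review repeatable, the whitelist can be checked against a reviewed baseline. The script below is an added example, not OpenClaw's own code: the function name `audit_allow_bundled`, the `APPROVED` baseline and the sample config are assumptions made for illustration, and the config is assumed to parse as strict JSON.

```python
import json

# Constructed sample: the config from this article plus one unreviewed skill.
SAMPLE_CONFIG = """
{
  "skills": {
    "allowBundled": ["git", "github", "slack", "calendar", "docker"]
  }
}
"""

# Hypothetical baseline: the skills you have actually reviewed and approved.
APPROVED = {"git", "github", "slack", "calendar"}


def audit_allow_bundled(config_text, approved):
    """Return a list of findings for skills.allowBundled in openclaw.json text."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON: {exc.msg}"]

    skills = config.get("skills") if isinstance(config, dict) else None
    allow = skills.get("allowBundled") if isinstance(skills, dict) else None
    if allow is None:
        # No whitelist at all: the "everything unless disabled" default applies.
        return ["skills.allowBundled is not set: bundled skills auto-load"]
    if not isinstance(allow, list) or not all(isinstance(s, str) for s in allow):
        return ["skills.allowBundled must be a list of skill names"]

    findings = []
    seen = set()
    for name in allow:
        if name in seen:
            findings.append(f"duplicate entry: {name}")
        seen.add(name)
    # Anything whitelisted but never reviewed is drift worth a second look.
    for name in sorted(seen - approved):
        findings.append(f"not in approved baseline: {name}")
    return findings


if __name__ == "__main__":
    for line in audit_allow_bundled(SAMPLE_CONFIG, APPROVED) or ["ok"]:
        print(line)
```

Run it in CI or a pre-commit hook against the real file so that a new skill cannot enter the whitelist without the baseline being updated in the same change.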
Least Privilege
Give access to what's needed, nothing more. Your agent doesn't need every tool on your machine — just the ones required for your workflows.
Auto-loading is convenient for getting started. Once you're past the honeymoon phase, take five minutes to whitelist your skills. Future you will appreciate it.