Start here
For most agents, start with the built-in tool categories, then adjust policy only when the agent should see fewer tools or needs explicit host access.| If you need to… | Use this first | Then read |
|---|---|---|
| Let an agent act with existing capabilities | Built-in tools | Tool categories |
| Control what an agent can call | Tool policy | Tools and custom providers |
| Teach an agent a workflow | Skills | Skills and Creating skills |
| Add a new integration or runtime surface | Plugins | Plugins and Build plugins |
| Run work later or in the background | Automation | Automation overview |
| Coordinate multiple agents or harnesses | Sub-agents | ACP agents and Agent send |
| Search a large PI tool catalog | Tool Search | Tool Search |
Choose tools, skills, or plugins
Use a tool when the agent needs to act
A tool is a typed function the agent can call, such as
exec, browser,
web_search, message, or image_generate. Use tools when the agent
needs to read data, change files, send messages, call a provider, or operate
another system. Visible tools are sent to the model as structured function
definitions.The model only sees tools that survive the active profile, allow/deny
policy, provider restrictions, sandbox state, channel permissions, and
plugin availability.Use a skill when the agent needs instructions
A skill is a
SKILL.md instruction pack loaded into the agent prompt. Use a
skill when the agent already has the tools it needs, but needs a repeatable
workflow, review rubric, command sequence, or operating constraint.Skills can live in a workspace, shared skill directory, managed OpenClaw
skill root, or plugin package.Skills | Creating skills | Skills configUse a plugin when OpenClaw needs a new capability
A plugin can add tools, skills, channels, model providers, speech, realtime
voice, media generation, web search, web fetch, hooks, and other runtime
capabilities. Use a plugin when the capability has code, credentials,
lifecycle hooks, manifest metadata, or installable packaging. Existing
plugins can be installed from ClawHub, npm, git, local directories, or
archives.Install and configure plugins | Build plugins | Plugin SDK
Built-in tool categories
The table lists representative tools so you can recognize the surface. It is not the full policy reference. For exact groups, defaults, and allow/deny semantics, use Tools and custom providers.| Category | Use when the agent needs to… | Representative tools | Read next |
|---|---|---|---|
| Runtime | Run commands, manage processes, or use provider-backed Python analysis | exec, process, code_execution | Exec, Code execution |
| Files | Read and change workspace files | read, write, edit, apply_patch | Apply patch |
| Web | Search the web, search X posts, or fetch readable page content | web_search, x_search, web_fetch | Web tools, Web fetch |
| Browser | Operate a browser session | browser | Browser |
| Messaging and channels | Send replies or channel actions | message | Agent send |
| Sessions and agents | Inspect sessions, delegate work, steer another run, or report status | sessions_*, subagents, agents_list, session_status | Sub-agents, Session tool |
| Automation | Schedule work or respond to background events | cron, heartbeat_respond | Automation |
| Gateway and nodes | Inspect Gateway state or paired target devices | gateway, nodes | Gateway configuration, Nodes |
| Media | Analyze, generate, or speak media | image, image_generate, music_generate, video_generate, tts | Media overview |
| Large PI catalogs | Search and call many eligible tools without sending every schema to the model | tool_search_code, tool_search, tool_describe | Tool Search |
Tool Search is an experimental PI-agent surface. Codex harness runs use
Codex-native code mode, native tool search, deferred dynamic tools, and nested
tool calls instead of
tools.toolSearch.Plugin-provided tools
Plugins can register additional tools. Plugin authors wire tools throughapi.registerTool(...) and the manifest’s contracts.tools; use
Plugin SDK and Plugin manifest
for contract details.
Common plugin-provided tools include:
- Diffs for rendering file and markdown diffs
- LLM Task for JSON-only workflow steps
- Lobster for typed workflows with resumable approvals
- Tokenjuice for compacting noisy
execandbashtool output - Tool Search for discovering and calling large tool catalogs without putting every schema in the prompt
- Canvas for node Canvas control and A2UI rendering
Configure access and approvals
Tool policy is enforced before the model call. If policy removes a tool, the model does not receive that tool’s schema for the turn. A run can lose tools because of global config, per-agent config, channel policy, provider restrictions, sandbox rules, owner-only gating, or plugin availability.- Tools and custom providers documents tool profiles, allow/deny lists, provider-specific restrictions, loop detection, and provider-backed tool settings.
- Exec approvals documents host command approval policy.
- Elevated exec documents controlled execution outside the sandbox.
- Sandbox vs tool policy vs elevated explains which layer controls file and process access.
- Per-agent sandbox and tool restrictions documents agent-specific restrictions for delegated runs.
Extend capabilities
Choose the extension path by the job you need OpenClaw to do:- Install or manage an existing plugin with Plugins.
- Build a new integration, provider, channel, tool, or hook with Build plugins.
- Add or tune reusable agent instructions with Skills and Creating skills.
- Package reusable workflow material with Skill workshop when the workflow belongs in a plugin-distributed skill bundle.
- Use Plugin SDK and Plugin manifest when you need implementation contracts.
Troubleshoot missing tools
If the model cannot see or call a tool, start with the effective policy for the current turn:- Check the active profile,
tools.allow, andtools.denyin Tools and custom providers. - Check provider-specific restrictions in Tools and custom providers and confirm the selected model provider supports the tool shape.
- Check channel permissions, sandbox state, and elevated access with Sandbox vs tool policy vs elevated and Elevated exec.
- Check whether the owning plugin is installed and enabled in Plugins.
- For delegated runs, check per-agent restrictions in Per-agent sandbox and tool restrictions.
- For large PI catalogs, confirm whether the run uses direct tool exposure or Tool Search.
Related
- Automation for cron, tasks, heartbeat, commitments, hooks, standing orders, and Task Flow
- Agents for the agent model, sessions, memory, and multi-agent coordination
- Tools and custom providers for the canonical tool policy reference
- Plugins for plugin installation and management
- Plugin SDK for plugin author reference
- Skills for skill load order, gating, and config
- Tool Search for compact PI tool catalog discovery