OpenClaw Built-In Skills: Complete Guide to Pre-Installed Capabilities
Every OpenClaw agent ships with built-in tools for web browsing, sandboxed code execution, file management, persistent memory, and image analysis. This guide explains what each native capability does, what its limits are, and what ClawTrust adds on top with six pre-vetted skills.
When people start exploring OpenClaw, one of the first things they ask is: "What skills do I need to install?" It is a reasonable question. The ClawHub marketplace lists over 2,000 community-built packages, each promising to extend what your agent can do. But before you install anything, it helps to understand what OpenClaw already does on its own.
OpenClaw ships with a set of built-in tools that are always available, with no marketplace visit, no installation, and no configuration required. These are not limited stubs or preview features. They are production-capable tools that handle a wide range of real-world tasks: browsing the web, running code, managing files, remembering information, and analyzing images.
This guide covers every native capability in detail, explains where each one has limits, clarifies how built-ins differ from ClawHub skills, and shows what ClawTrust adds to the baseline.
What Are OpenClaw Built-In Skills?
The word "skill" has two different meanings in the OpenClaw ecosystem, and the distinction matters.
In the marketplace sense, a skill is an installable package from ClawHub or another source. Skills are bundles of tools, prompts, and configuration that extend what an agent can do. Installing the GitHub skill gives your agent access to GitHub's API. Installing the Cal.com skill gives it calendar booking capabilities. Skills, in this sense, are add-ons.
In the native sense, OpenClaw also has core tools that ship with the software itself. These are sometimes called built-in skills or native capabilities, and they are the subject of this guide. They include the browser, the code sandbox, the file system interface, the memory system, shell execution, and vision. Every OpenClaw agent has access to these tools from the first boot, with no additional packages required.
The practical implication: when someone asks "what can OpenClaw do?", the answer starts with these built-ins, not with whatever is currently popular on ClawHub. A fresh OpenClaw install, with no skills added, can already browse websites, write and run code, manage a file workspace, and remember things you tell it. That is the baseline you are building on.
ClawHub skills extend that baseline. They do not replace it. A GitHub skill uses OpenClaw's code execution and file management tools internally. A research skill uses the browser. The built-ins are the foundation on which the skill ecosystem runs.
OpenClaw Web Browsing: Real Browser, Real Actions
OpenClaw's browser tool is not an HTTP client. It runs a real Chromium instance, the same engine that powers Google Chrome, with full JavaScript rendering, session management, and DOM interaction. This distinction is important because a significant portion of the modern web is JavaScript-rendered. Sites like LinkedIn, Notion, Google Docs, and most SaaS dashboards only work correctly in a real browser. Text-only scrapers fail on them. OpenClaw's browser does not.
Here is what the browser built-in can do:
- Navigate URLs: Load any public webpage, follow redirects, handle authentication flows
- Click elements: Interact with buttons, links, dropdowns, checkboxes, and any clickable UI element
- Fill forms: Enter text into input fields, submit forms, handle multi-step form flows
- Take screenshots: Capture the current state of any page as an image
- Extract text and structured data: Pull readable content, table data, or specific elements from pages
- Handle JavaScript-rendered pages: Wait for dynamic content to load before extracting data
- Manage sessions and cookies: Maintain login state across multiple page requests
- Web scraping: Extract structured data at scale from product listings, news feeds, directories, or any repeating content pattern
Real-world applications are broad. Agents use the browser for competitive research (monitoring competitor pricing and product pages), lead generation (extracting contact information from directories), market monitoring (tracking news and regulatory announcements), form automation (submitting applications or entries on behalf of users), and content aggregation (pulling information from multiple sources into a unified summary).
On ClawTrust, the browser runs inside a hardened container with resource limits and network isolation. The agent cannot reach your internal network, cannot access other tenants' data, and runs in a sandboxed environment. The container boundary provides the security perimeter, which is why OpenClaw can afford to give agents a real, full-featured browser rather than a restricted one.
One practical note: the browser built-in works best when paired with a model that is good at structured reasoning about web pages. Claude 3.5 Sonnet and GPT-4o both perform well on complex browser tasks. Smaller models sometimes struggle with multi-step navigation that requires understanding page state across multiple actions.
OpenClaw Code Execution: Python and JavaScript Sandbox
The code execution built-in gives every OpenClaw agent the ability to write code and run it immediately in a sandboxed environment. The sandbox supports Python and JavaScript, and it is not just a toy environment. It can handle real data analysis, complex transformations, API calls from code, file generation, and multi-step computational logic that would be impractical to express in natural language alone.
Specific capabilities include:
- Writing and running scripts: The agent generates code based on your request and executes it, returning the result
- Installing packages: Python packages can be installed within a session using pip, making libraries like pandas, numpy, matplotlib, and requests available when needed
- Data analysis: Process CSVs, JSON files, or database exports to produce summaries, statistics, and derived insights
- Data transformation: Reshape, clean, merge, or filter datasets for import into other systems
- Calling external APIs from code: Make HTTP requests, parse responses, and chain API calls in programmatic logic the agent could not express through tool calls alone
- Generating reports: Produce formatted HTML, Markdown, or CSV outputs that can be saved to the workspace and shared
- Complex calculations: Financial models, statistical analysis, optimization problems, and anything that benefits from actual computation rather than language model estimation
The sandbox design is important to understand. Code executes in an isolated environment. It cannot access the host operating system, cannot reach other containers, and cannot escape to the broader network in unauthorized ways. Within the sandbox, the agent's code can read and write to the workspace directory, which is how code execution and file management work together: the agent writes a script, runs it, and saves its outputs to the workspace for future reference.
A common use case is the agent receiving a CSV file via email or Telegram, analyzing it with pandas, generating a summary and a chart, saving both to the workspace, and then sending the summary back via the original channel. No external service required. The built-in code execution and file management tools handle the full workflow.
One limitation to note: packages installed during a session are not persisted to the next session. If your agent regularly needs a specific package, configure it as part of the agent's startup behavior so it is reliably available.
OpenClaw File Management: Your Agent's Workspace
Every OpenClaw agent has a persistent workspace directory. This is a real directory on the host server where the agent can create, read, update, delete, and organize files. The workspace survives between conversations and between restarts. It is the agent's equivalent of a hard drive.
The file management built-in supports:
- Reading files: Open and read any file type in the workspace, including PDFs, CSVs, images, Markdown, JSON, plain text, and code files
- Writing files: Create new files or update existing ones with content generated during a conversation
- Organizing files: Create subdirectories, move files, rename files, and maintain a structured file hierarchy
- Deleting files: Remove files that are no longer needed, either explicitly or as part of cleanup logic
- Searching files: Find files by name or content within the workspace
- Working with structured formats: Parse CSV data, extract content from PDFs, read JSON configuration files
On ClawTrust, each agent has a dedicated 40GB workspace. Files stored there persist indefinitely and are backed up as part of the ClawTrust infrastructure. This is meaningfully different from running OpenClaw on a VPS yourself, where you are responsible for backup and recovery.
The workspace pattern is what enables agents to build institutional knowledge over time. An agent researching a topic can save notes, drafts, and reference documents to the workspace. Next week, when you ask a related question, the agent can consult those files rather than starting from scratch. When combined with the memory system (described below), the workspace gives agents a rich, organized, persistent knowledge base.
A common mistake is treating the agent as stateless, assuming each conversation starts fresh. By default, OpenClaw does maintain conversational context within a session. The workspace extends that persistence across sessions. Design your agent workflows to take advantage of it.
OpenClaw Memory: How Your Agent Remembers
OpenClaw has two distinct types of memory, and understanding both is important for designing effective agents.
In-context memory is the conversation history within a single session. Everything said during a conversation is available to the agent until the conversation ends or the context window fills up. Most large models have context windows of 128K tokens or more, which means a single conversation can hold a substantial amount of information. In-context memory is temporary: it does not survive a new session.
Persistent memory is structured information that the agent stores explicitly to be recalled in future sessions. This is where things get interesting. OpenClaw agents can write facts, preferences, contacts, processes, and decisions to a persistent store, then retrieve relevant information at the start of future conversations.
On ClawTrust, persistent memory is powered by Team Brain, a searchable database backed by Cloudflare D1. When your agent learns something worth remembering, such as your preferred meeting length, a contact's title, a process you want followed, or a decision you made about a project, it can commit that to Team Brain. In the next conversation, the agent queries Team Brain and loads relevant context before responding.
Memory types stored in Team Brain include:
- Learned facts: Information the agent discovered or was told that might be relevant again
- Preferences: How you like things done (formatting style, communication tone, tool preferences)
- Contacts: Names, roles, and context about people you work with
- Processes: Step-by-step procedures the agent should follow for recurring tasks
- FAQs: Questions you ask repeatedly, with answers cached for fast retrieval
- Decisions: Choices made that should inform future behavior
- Escalations: Issues flagged for human review
Team Brain runs PII detection before storing any memory entry, automatically stripping email addresses, phone numbers, SSNs, credit card numbers, and API keys from entries. This prevents accidental long-term storage of sensitive identifiers.
Pro and Enterprise ClawTrust plans include a daily reflection step, where the agent reviews recent conversations, synthesizes new learnings into durable memory entries, and prunes outdated or contradicted facts. This keeps the memory store accurate and growing over time without manual curation.
OpenClaw Vision: Image and Document Analysis
OpenClaw's vision built-in enables agents to analyze images and visual documents sent through any connected channel. When a user sends an image via Telegram, WhatsApp, Slack, or the browser chat interface, the agent can examine that image and respond with substantive analysis.
Vision capabilities include:
- Image description: Describe what is in a photo or screenshot in natural language
- Text extraction: Read text from screenshots, photos of printed documents, whiteboards, and signage (effectively OCR via vision model)
- Chart and graph analysis: Interpret data visualizations, extract values, and explain trends
- Document analysis: Examine PDF pages, scanned contracts, invoices, and forms to extract structured information
- UI analysis: Analyze screenshots of applications or websites to describe what is shown and suggest next steps
- Comparison: Examine two images and describe differences or similarities
An important note on requirements: vision capabilities require a vision-capable model. Not all models support image input. GPT-4o, Claude 3.5 Sonnet, and Gemini 1.5 all support vision and work well for document and image analysis tasks. If you configure an agent with a text-only model, the vision built-in will not function. ClawTrust's model selector clearly labels which models support vision.
Practical uses include: sending the agent a photo of a business card to extract and save contact information, sharing a screenshot of an error message to get troubleshooting help, sending an invoice image to have the agent extract line items into a spreadsheet, or photographing a whiteboard from a meeting to get a structured summary.
Built-In Skills vs ClawHub Skills: What Is the Difference?
The clearest way to understand the difference is through origin and risk profile.
Built-in tools are part of the OpenClaw core software. They are written by the OpenClaw development team, reviewed through the same process as the rest of the codebase, and shipped in every release. They have no external dependencies that could be compromised, no third-party code paths, and no marketplace trust issues. When you use the browser built-in or the code sandbox, you are using software maintained by the OpenClaw foundation.
ClawHub skills are packages contributed by the community. They are reviewed in theory, but the review process is not exhaustive, and bad actors have found ways to publish skills that look legitimate while performing malicious actions in the background. In early 2026, researchers identified 341 malicious skills on ClawHub that were stealing credentials, exfiltrating data, or enabling remote access to the host system. Several of those skills had thousands of installs before discovery.
For context on the security implications, see our detailed breakdown: OpenClaw Security: 341 Malicious Skills and What We Do About It.
The operational difference is equally significant. Built-ins are always available, require no configuration, and do not depend on external services staying online. A ClawHub skill for GitHub access requires GitHub's API to be reachable and your credentials to be valid. If GitHub has an outage or your token expires, that skill stops working. The built-in browser, by contrast, has no external dependency beyond the target website itself.
Skills also extend built-ins rather than replacing them. The clawtrust-email skill, for example, does not replace the file management built-in. It gives the agent the ability to send outbound emails, using credentials and templates stored in the workspace (file management) and referencing memory about the recipient (Team Brain). The skill adds a new capability on top of the foundation the built-ins provide.
A useful mental model: built-ins are the agent's hands and eyes. Skills are the specialized tools those hands can pick up and use. You can do a lot with hands alone. Skills just expand what is reachable.
For a full breakdown of which skills are safe to install and which are worth the effort, see: Best OpenClaw Skills: What to Install and What to Avoid.
What OpenClaw Does NOT Include Built-In
Understanding the limits of built-in tools is as important as knowing what they can do. Several capabilities that users expect OpenClaw to handle out of the box actually require skills or channel configurations.
Calendar integrations: OpenClaw cannot create calendar events, check availability, or send meeting invites without a scheduling skill. Cal.com scheduling is available as a ClawTrust pre-installed skill on all plans. Google Calendar, Outlook Calendar, and other calendar services require their own skills.
GitHub and code repository access: The code execution built-in can write and run code locally in the sandbox, but it cannot push commits, open pull requests, create issues, or interact with GitHub's API without the GitHub Developer skill. This distinction matters: running code locally is built-in, interacting with remote repositories is not.
Phone calls: OpenClaw has no native telephony. Making and receiving calls requires a skill that integrates with a voice provider. ClawTrust pre-installs the Vapi skill, which handles voice agent capabilities for inbound and outbound calls.
Email identity (sending as your address): The agent can read emails sent to it through channel connections, but sending outbound email from a dedicated agent email address requires the clawtrust-email skill. This is a Pro and Enterprise feature on ClawTrust, because it requires provisioning a real email identity on the deskoperations.com infrastructure.
Slack, Discord, and Telegram management: The ability to receive and send messages through these channels comes from channel plugins (part of OpenClaw's channel system), not from built-in skills. The channels are configured separately from skills. An agent without Telegram configured cannot receive Telegram messages, regardless of what skills it has installed.
CRM and business tool access: Salesforce, HubSpot, Notion, Airtable, and similar tools all require dedicated skills. The browser built-in could theoretically interact with their web interfaces, but proper API-based integration requires skills with appropriate credentials and structured tool definitions.
The pattern is consistent: built-ins give the agent general capabilities (browse, compute, store, remember, see). Specific service integrations require specific skills. This is by design. It keeps the core software lean and focused while allowing the skill ecosystem to expand coverage as needed.
ClawTrust Pre-Installed Skills: What We Add
ClawTrust does not deliver a bare OpenClaw install. Every agent comes with six pre-vetted, pre-configured skills installed on top of the built-ins. These were selected for reliability, security, and broad usefulness across the types of work most agents are expected to handle.
| Skill | What It Adds | Available On |
|---|---|---|
| clawtrust-core | Agent identity, behavior configuration, and ClawTrust platform integration | All tiers |
| clawtrust-credentials | Secure credential vault access so agents can retrieve API keys without storing them in plaintext | All tiers |
| clawtrust-email | Agent email identity: inbound processing and outbound sending from a dedicated address | Pro and Enterprise |
| github-developer | GitHub API access: create and review PRs, manage issues, read repositories, commit code | All tiers |
| cal-com-scheduling | Calendar booking via Cal.com: check availability, create bookings, manage appointments | All tiers |
| vapi-voice-agent | Phone calls via Vapi: voice agent for inbound and outbound call handling | All tiers |
These six skills are installed and configured before the agent reaches you. There is no marketplace browsing, no security vetting required on your end, and no configuration to complete before they work. Connect your GitHub token in the credentials vault, point the Cal.com skill at your calendar, and the agent is ready.
The selection reflects a deliberate philosophy: agents should be immediately useful for the most common business tasks (code work, scheduling, communication) without requiring expertise in the OpenClaw skill ecosystem. You can add more skills later, but most users find these six cover the majority of their day-to-day workflows.
All six skills have been reviewed by the ClawTrust security team and are maintained by our engineering team rather than relying on community-contributed packages. They are updated in place when the underlying APIs change, so you do not need to manage skill versions.
Get All Six Skills Pre-Installed
Every ClawTrust agent ships with built-in OpenClaw capabilities plus six vetted skills: core identity, credential vault, GitHub, Cal.com scheduling, and Vapi voice. Try it free for 5 days with no credit card required.
Start Free TrialOpenClaw Built-In Skills Quick Reference
Use this table as a quick reference when evaluating what your agent can do with the base OpenClaw install versus what requires additional configuration.
| Capability | Available by Default | Notes | Common Use Cases |
|---|---|---|---|
| Web browser | Yes | Real Chromium, full JS rendering | Research, form filling, data extraction, price monitoring |
| Code execution | Yes | Python and JavaScript, sandboxed | Data analysis, transformations, calculations, report generation |
| File management | Yes | Persistent workspace, 40GB on ClawTrust | Documents, data storage, exports, knowledge base |
| Memory | Yes | In-context plus Team Brain persistent store | Preferences, contacts, processes, decisions |
| Shell commands | Yes | Sandboxed, workspace-scoped | File operations, script execution, system utilities |
| Image and document analysis | Yes (requires vision model) | GPT-4o, Claude 3.5 Sonnet, Gemini 1.5 | Screenshots, invoices, charts, business cards |
| GitHub access | No (requires skill) | Pre-installed by ClawTrust | PRs, issues, repository management, code review |
| Calendar booking | No (requires skill) | Pre-installed by ClawTrust (Cal.com) | Scheduling, availability checks, meeting management |
| Phone calls | No (requires skill) | Pre-installed by ClawTrust (Vapi) | Inbound and outbound voice interactions |
| Email identity (outbound sending) | No (requires skill, Pro+) | clawtrust-email skill on Pro and Enterprise | Outbound email from agent's dedicated address |
| Telegram, WhatsApp, Slack channels | No (channel plugins) | Configured separately from skills | Multi-channel messaging and communication |
| Credential vault | No (requires skill) | Pre-installed by ClawTrust | Secure API key storage and retrieval without plaintext exposure |
The split is clear: built-ins handle general computation, storage, browsing, memory, and vision. Specific external service integrations require skills. ClawTrust closes most of the gap between those two columns by pre-installing and pre-configuring the most commonly needed skills, so your agent starts with a much larger set of ready-to-use capabilities than a bare OpenClaw install provides.
If you are evaluating whether OpenClaw can handle a specific workflow, the first question to ask is which built-ins and skills that workflow requires, then whether those are pre-installed on ClawTrust or need to be configured. In most cases, the workflows that matter most to business users are already covered without any additional setup.
Frequently Asked Questions
What built-in skills does OpenClaw have?
OpenClaw includes these built-in capabilities out of the box: web browsing (real Chromium browser), sandboxed code execution (Python and JavaScript), file management (persistent workspace directory), persistent memory (across conversations), shell command execution (sandboxed), and image and document analysis (vision, requires a multimodal model). These are available without installing any marketplace skills.
What is the difference between OpenClaw built-in tools and ClawHub skills?
Built-in tools are core capabilities shipped with every OpenClaw installation: browser, code sandbox, file system, memory. ClawHub skills are installable packages that add integrations with external services like GitHub, Cal.com, Vapi, or email. Skills extend what the agent can do beyond its built-in tools. In 2026, 341 malicious skills were found on ClawHub - built-in tools carry no such risk.
Does OpenClaw have a built-in web browser?
Yes. OpenClaw's browser tool uses a real Chromium instance (not a text-only HTTP client). It can navigate URLs, click elements, fill forms, execute JavaScript, take screenshots, extract text and structured data, manage sessions and cookies, and handle modern web apps. On ClawTrust, the browser runs inside a sandboxed container with resource limits.
Can OpenClaw run Python code?
Yes. OpenClaw has a built-in sandboxed code execution environment that supports Python and JavaScript. The agent can write and run scripts, install Python packages within a session, perform data analysis, call external APIs from code, and generate executable code for complex logic. The sandbox prevents access to the host filesystem outside the agent's workspace directory.
Does OpenClaw remember things between conversations?
Yes. OpenClaw has both in-context memory (within a single conversation) and persistent memory (stored between sessions). On ClawTrust, persistent memory is powered by Team Brain, which stores learned facts, preferences, contacts, processes, FAQs, and decisions in a searchable database. PII is automatically stripped before storage.