OpenClaw Skill Permissions Explained: fileRead, fileWrite, network, shell
OpenClaw skills are powerful because they can read your project, modify files, and call external APIs.
That also means permissions are your main security boundary.
If you do only one thing before installing a new skill: run it through the Skill Verifier and compare it against the Verified Skills catalog.
- Verify: /verifier
- Prefer audited: /verified-skills
The 4 permissions (what they really mean)
| Permission | What it enables | Typical safe use | Common risk |
|---|---|---|---|
| `fileRead` | Read files in your workspace | Linters, analyzers, doc tools | Reading .env, keys, secrets |
| `fileWrite` | Create/modify files | Scaffolding, refactors, codegen | Silent backdoors, supply-chain edits |
| `network` | Outbound HTTP/DNS | Fetch docs, call APIs you approve | Data exfiltration to attacker domain |
| `shell` | Execute commands | Builds, test runners, devops | Full RCE under your user account |
“Dangerous combos” to recognize fast
These combos are not automatically malicious, but they deserve extra scrutiny:
- `fileRead` + `network`: can read secrets and send them out.
- `fileWrite` + `network`: can download and persist payloads.
- `shell` + anything: treat as RCE (sandbox required).
- All four: maximum blast radius, avoid unless you fully trust the skill.
Safe defaults (recommended policy)
If you want a simple baseline:
- Default to no network.
- Default to no shell (or require explicit confirmation for every command).
- Prefer skills that only need `fileRead` (or none).
- Run risky skills inside a sandbox: /guides/sandbox-setup
Quick review workflow (30 seconds)
- Check the permissions and ask: “Is each permission necessary for the stated purpose?”
- If `network` is requested: require an allowlist (specific domains only).
- If `shell` is requested: sandbox + confirmation.
- If anything feels off: do not install. Use an alternative from Verified Skills.
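The combo checks and the review workflow above can be written down as a small policy function. This is an added example, not OpenClaw code: the manifest shape (a dict with `permissions`, `network_allowlist`, `sandboxed`, `confirm_commands`) is a hypothetical stand-in for however your skills declare permissions, and the sample manifests are constructed.

```python
# Added example. The manifest keys below are hypothetical, not OpenClaw's real format;
# only the four permission names come from the article.
KNOWN = {"fileRead", "fileWrite", "network", "shell"}

def review_skill(manifest):
    """Return (severity, message) findings for one skill manifest."""
    perms = set(manifest.get("permissions", []))
    findings = []

    unknown = perms - KNOWN
    if unknown:
        findings.append(("block", f"unknown permissions: {sorted(unknown)}"))

    # Combos that deserve extra scrutiny (not automatically malicious).
    if perms >= KNOWN:
        findings.append(("warn", "all four permissions: maximum blast radius"))
    if {"fileRead", "network"} <= perms:
        findings.append(("warn", "fileRead+network: can read secrets and send them out"))
    if {"fileWrite", "network"} <= perms:
        findings.append(("warn", "fileWrite+network: can download and persist payloads"))

    # Workflow rules: network needs a specific-domain allowlist,
    # shell needs a sandbox plus per-command confirmation.
    if "network" in perms:
        allow = manifest.get("network_allowlist", [])
        if not allow or any("*" in domain for domain in allow):
            findings.append(("block", "network without a specific-domain allowlist"))
    if "shell" in perms:
        if manifest.get("sandboxed") and manifest.get("confirm_commands"):
            findings.append(("warn", "shell: treat as RCE even inside the sandbox"))
        else:
            findings.append(("block", "shell without sandbox + confirmation"))
    return findings

def verdict(manifest):
    """Collapse findings into one of: ok, review, do-not-install."""
    severities = {sev for sev, _ in review_skill(manifest)}
    if "block" in severities:
        return "do-not-install"
    return "review" if "warn" in severities else "ok"

# Constructed sample manifests.
SAMPLES = {
    "linter": {"permissions": ["fileRead"]},
    "doc-fetcher": {"permissions": ["fileRead", "network"],
                    "network_allowlist": ["docs.example.com"]},
    "deployer": {"permissions": ["fileRead", "fileWrite", "network", "shell"],
                 "network_allowlist": ["*"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, verdict(manifest), review_skill(manifest))
```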
What to do when a skill asks for “too much”
Pragmatic options:
- Find a less-privileged alternative in /verified-skills.
- Run it in a sandbox and block network by default.
- Use it once, then uninstall (don’t keep high-risk skills installed “just in case”).
Next steps
- Read the pillar guide: /guides/openclaw-security
- Use the verifier before every install: /verifier