Problem
openclaw 2026.4.23 (a979721) reports skills as eligible: true even when they declare required binaries (metadata.requires.bins) that aren't installed on the system. The skill validator only honors the metadata.openclaw.* namespace and silently ignores metadata.clawdbot.*, which is the legacy key still used by a large number of bundled and ClawHub-published skills.
In a fresh user workspace I found:
- 43 skills with
metadata.clawdbot (legacy key, ignored by validator)
- 10 skills with
metadata.openclaw (current key, honored)
- 24 of the legacy-key skills declare bins that weren't installed, yet
openclaw skills check and openclaw skills list --json returned eligible: true with missing.bins: [] for all of them
End-user impact: agents are told a skill is ready, attempt to invoke it, and fail at runtime with command not found. The advertised install actions (also under metadata.clawdbot.install[]) are equally hidden from the install hints surfaced by Control UI / skills info.
Reproduction
# Fresh install, only the bundled openclaw skills present
which op # → not found
openclaw skills info 1password
# Status: ✓ Ready (← wrong; the SKILL.md declares requires.bins=["op"] under metadata.clawdbot)
Frontmatter of the bundled 1password skill:
---
name: 1password
description: Set up and use 1Password CLI (op). ...
homepage: https://developer.1password.com/docs/cli/get-started/
metadata: {"clawdbot":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}}
---The validator treats metadata.requires as empty because it only inspects metadata.openclaw.requires. Compare with sherpa-onnx-tts (uses metadata.openclaw) which is correctly flagged when its env vars are missing.
24 affected skills observed in the wild
| Skill |
Declared bin |
Installable via |
| 1password |
op |
brew 1password-cli |
| tmux |
tmux |
brew tmux |
| managing-apple-music |
clawtunes |
brew forketyfork/tap/clawtunes |
| apple-mail-search |
fruitmail |
npm apple-mail-search-cli |
| apple-notes |
memo |
brew antoniorodr/memo/memo |
| things-mac |
things |
go github.com/ossianhempel/things3-cli/cmd/things |
| nano-pdf |
nano-pdf |
uv tool nano-pdf |
| bear-notes |
grizzly |
go github.com/tylerwince/grizzly/cmd/grizzly |
| blogwatcher |
blogwatcher |
go github.com/Hyaxia/blogwatcher/cmd/blogwatcher |
| openhue |
openhue |
brew openhue/cli/openhue-cli |
| gemini |
gemini |
brew gemini-cli |
| gifgrep / ordercli / goplaces / imsg / camsnap / sag / wacli / songsee |
various |
brew steipete/tap/<formula> |
| obsidian |
obsidian-cli |
brew yakitrak/yakitrak/obsidian-cli |
| eightctl / blucli / sonoscli |
various |
go github.com/steipete/<repo> |
| summarize |
summarize |
(formula was deleted from steipete/tap in 93870cb) |
Suggested fix (pick one or both)
- Validator — make the skill validator read
metadata.clawdbot.{requires,install} as a fallback when metadata.openclaw.* is absent. Low-risk, single source-of-truth change in the skill loader.
- Skill migration — automated
openclaw doctor --fix step (or a one-shot rewrite at upgrade time) that renames metadata.clawdbot → metadata.openclaw in workspace SKILL.md files. Keeps the validator strict on a single key going forward.
I'd lean (1) plus a deprecation warning, since SKILL.md authors / ClawHub publishers can't be forced to migrate.
Environment
- macOS 26.4.1 arm64, node 25.5.0
- openclaw 2026.4.23 (a979721) installed via npm (
npm -g)
- 111 skills total in workspace (98 workspace + 12 bundled + 1 managed)
Happy to PR (1) — looks like a small change in the skill manifest reader.
Problem
openclaw 2026.4.23(a979721) reports skills aseligible: trueeven when they declare required binaries (metadata.requires.bins) that aren't installed on the system. The skill validator only honors themetadata.openclaw.*namespace and silently ignoresmetadata.clawdbot.*, which is the legacy key still used by a large number of bundled and ClawHub-published skills.In a fresh user workspace I found:
metadata.clawdbot(legacy key, ignored by validator)metadata.openclaw(current key, honored)openclaw skills checkandopenclaw skills list --jsonreturnedeligible: truewithmissing.bins: []for all of themEnd-user impact: agents are told a skill is ready, attempt to invoke it, and fail at runtime with
command not found. The advertised install actions (also undermetadata.clawdbot.install[]) are equally hidden from the install hints surfaced by Control UI /skills info.Reproduction
Frontmatter of the bundled
1passwordskill:The validator treats
metadata.requiresas empty because it only inspectsmetadata.openclaw.requires. Compare withsherpa-onnx-tts(usesmetadata.openclaw) which is correctly flagged when its env vars are missing.24 affected skills observed in the wild
op1password-clitmuxtmuxclawtunesforketyfork/tap/clawtunesfruitmailapple-mail-search-climemoantoniorodr/memo/memothingsgithub.com/ossianhempel/things3-cli/cmd/thingsnano-pdfnano-pdfgrizzlygithub.com/tylerwince/grizzly/cmd/grizzlyblogwatchergithub.com/Hyaxia/blogwatcher/cmd/blogwatcheropenhueopenhue/cli/openhue-cligeminigemini-clisteipete/tap/<formula>obsidian-cliyakitrak/yakitrak/obsidian-cligithub.com/steipete/<repo>summarizeSuggested fix (pick one or both)
metadata.clawdbot.{requires,install}as a fallback whenmetadata.openclaw.*is absent. Low-risk, single source-of-truth change in the skill loader.openclaw doctor --fixstep (or a one-shot rewrite at upgrade time) that renamesmetadata.clawdbot→metadata.openclawin workspace SKILL.md files. Keeps the validator strict on a single key going forward.I'd lean (1) plus a deprecation warning, since SKILL.md authors / ClawHub publishers can't be forced to migrate.
Environment
npm -g)Happy to PR (1) — looks like a small change in the skill manifest reader.