Plugin-skill registration uses fs.symlink (EPERM on Windows without admin/Developer Mode); junction would work without elevation

[jvpflum]

Version

• openclaw 2026.5.4 (325df3e)
• Windows 11 (build 26200), Node.js (via nvm4w), PowerShell 7
• Standard user account; Developer Mode is OFF

Summary

Plugin-skill registration uses fs.symlink to expose plugin-shipped skills under ~/.openclaw/plugin-skills/. On Windows, creating a fs.symlink requires either administrator elevation or Windows Developer Mode. For users with neither (the default), every plugin-shipped skill silently fails to register with EPERM: operation not permitted, symlink ....

In my install, this leaves at least three skills undiscovered: browser-automation (from @openclaw/browser-plugin), obsidian-vault-maintainer, and wiki-maintainer (both from @openclaw/memory-wiki). The errors also flood stderr on every openclaw doctor invocation — but the worse impact is that openclaw skills list doesn't show them at all, so users can't easily tell why an installed plugin's skills aren't available.

Reproduction

Fresh install on a standard Windows user account (no Developer Mode, no admin):

> openclaw doctor
...
[skills] failed to create plugin skill symlink "C:\Users\jarro\.openclaw\plugin-skills\browser-automation" → "C:\Users\jarro\AppData\Roaming\npm\node_modules\openclaw\dist\extensions\browser\skills\browser-automation": Error: EPERM: operation not permitted, symlink 'C:\Users\jarro\AppData\Roaming\npm\node_modules\openclaw\dist\extensions\browser\skills\browser-automation' -> 'C:\Users\jarro\.openclaw\plugin-skills\browser-automation'
[skills] failed to create plugin skill symlink "C:\Users\jarro\.openclaw\plugin-skills\obsidian-vault-maintainer" → "C:\Users\jarro\AppData\Roaming\npm\node_modules\openclaw\dist\extensions\memory-wiki\skills\obsidian-vault-maintainer": Error: EPERM: operation not permitted, symlink ...
[skills] failed to create plugin skill symlink "C:\Users\jarro\.openclaw\plugin-skills\wiki-maintainer" → "C:\Users\jarro\AppData\Roaming\npm\node_modules\openclaw\dist\extensions\memory-wiki\skills\wiki-maintainer": Error: EPERM: operation not permitted, symlink ...

The same errors print on every CLI invocation that touches plugin-skill registration.

Why a plain fs.symlink fallback is the wrong fix on Windows

On NTFS, directory junctions (reparse points) behave the same as symlinks for fs.readdir/fs.realpath and do not require elevation or Developer Mode. The skill folders OpenClaw is trying to expose are all directories rooted under the npm module dir, which is exactly the case junctions handle.

I confirmed locally that the same target the symlink call is failing on works fine via a junction:

> $src = "$env:APPDATA\npm\node_modules\openclaw\dist\extensions\browser\skills\browser-automation"
> $dst = "$env:TEMP\junction-test"
> cmd /c "mklink /J `"$dst`" `"$src`""
Junction created for C:\Users\jarro\AppData\Local\Temp\junction-test <<===>> C:\Users\jarro\AppData\Roaming\npm\node_modules\openclaw\dist\extensions\browser\skills\browser-automation

(No admin, no Developer Mode.)

Suggested fix

In the plugin-skill registration helper, on process.platform === "win32" and only for directory targets, fall back to a junction when fs.symlink throws EPERM:

try {
  await fs.symlink(target, link, "junction"); // Node already supports "junction" type on Windows
} catch (err) {
  if (process.platform === "win32" && (err as NodeJS.ErrnoException).code === "EPERM") {
    // last-resort: spawn `cmd /c mklink /J` if the junction type didn't take
    await spawnMklinkJunction(link, target);
  } else {
    throw err;
  }
}

Node's own fs.symlink(target, path, "junction") on Windows already maps to a directory junction without requiring elevation, so depending on what's currently being passed, switching the type argument from default/"dir" to "junction" may be the entire fix. Worth confirming the call site is using the default/"dir" mode (which uses NT symlinks and triggers the EPERM).

If a junction is genuinely undesirable (e.g. the skill target is a file, not a directory), fall back to a hard copy — slower but guaranteed to work — and surface a one-line warning telling the user how to enable Developer Mode if they want symlink behavior back.

Impact

Three "stock" plugin-shipped skills are silently unavailable on stock Windows installs:

• browser-automation — blocks the entire @openclaw/browser-plugin skill surface
• obsidian-vault-maintainer
• wiki-maintainer

I ship a desktop frontend on top of OpenClaw (Crystal: https://github.com/jvpflum/Crystal) and was tracking down "why does my browser skill list show empty" when I found this in openclaw doctor. The error is logged but never bubbles up to the skills surface, so users hit it as an "I installed the plugin but the skill isn't there" mystery.

Out of scope but related

The EPERM error itself is also printed to stderr on every CLI invocation that touches skill registration, including --json reads. That's the same anti-pattern flagged in #77942 (config-validator output leaking into machine-readable command stderr). Mentioning here for context but not asking for it to be fixed in this issue.

Happy to send a focused PR + test once you confirm the preferred call-site change (switch fs.symlink type to "junction" vs add explicit fallback logic).

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
This should stay open: current main still creates plugin-skill directory links with Windows directory symlink semantics, and the report describes a narrow, source-backed Windows standard-user failure.

Reproducibility: yes. from source inspection, but not by live execution here: current main hardcodes fs.symlinkSync(..., "dir") for directory targets and only warns on failure, which matches the reported Windows EPERM path. Live reproduction should be run on a standard Windows account without Developer Mode before landing.

Next step
The fix boundary is narrow and source-backed, but the repair lane should still collect Windows standard-user proof before proposing a final landing decision.

Review details

Best possible solution:

Use Windows directory junctions for generated plugin-skill directory links, preserve the existing containment and cleanup guarantees, and add regression coverage plus Windows real-behavior proof when feasible.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection, but not by live execution here: current main hardcodes fs.symlinkSync(..., "dir") for directory targets and only warns on failure, which matches the reported Windows EPERM path. Live reproduction should be run on a standard Windows account without Developer Mode before landing.

Is this the best way to solve the issue?

Yes, the narrowest maintainable fix is to use junction for Windows directory plugin-skill links or retry EPERM with a junction while keeping the existing security checks and cleanup behavior. This should not broaden into the related stderr-noise report #77942 beyond avoiding this specific warning after a successful fallback.

Acceptance criteria:

• pnpm test src/agents/skills/plugin-skills.test.ts
• pnpm exec oxfmt --check --threads=1 src/agents/skills/plugin-skills.ts src/agents/skills/plugin-skills.test.ts CHANGELOG.md
• pnpm check:changed in Testbox before handoff if code is changed
• When feasible, live-verify on Windows standard user with Developer Mode off by running openclaw doctor and openclaw skills list --json against a plugin that ships skills.

What I checked:

• Current symlink behavior: The plugin-skill publisher still calls fs.symlinkSync(target, linkPath, "dir") and only logs the failure, matching the reported EPERM path on Windows when directory symlink creation is not permitted. (src/agents/skills/plugin-skills.ts:217, fd86ab2e5003)
• Documented plugin-skill contract: Docs say plugins can list skill directories in openclaw.plugin.json and that plugin skills load when the plugin is enabled, so a failed publish path breaks an existing documented behavior rather than requesting a new feature. Public docs: docs/tools/skills.md. (docs/tools/skills.md:91, fd86ab2e5003)
• Manifest field contract: The plugin manifest reference defines the top-level skills field as skill directories to load relative to the plugin root. Public docs: docs/plugins/manifest.md. (docs/plugins/manifest.md:184, fd86ab2e5003)
• Affected bundled plugins exist: The browser and memory-wiki bundled plugins both declare "./skills", and the reported browser-automation, wiki-maintainer, and obsidian-vault-maintainer SKILL.md files are present under those plugin skill directories. (extensions/browser/openclaw.plugin.json:12, fd86ab2e5003)
• Existing coverage gap: Current tests assert symlink creation and cleanup but do not cover a Windows EPERM fallback or junction type selection for plugin skill publishing. (src/agents/skills/plugin-skills.test.ts:385, fd86ab2e5003)
• Node API supports the requested type: The local Node runtime validates fs.symlink type values including "junction", while the current OpenClaw call hardcodes "dir".

Likely related people:

• @VintageAyu: The current-main plugin-skill publishing helper, workspace integration, tests, and docs blame to commit f9da484, whose commit message credits @VintageAyu. (role: introduced current-main behavior; confidence: high; commits: f9da4843652e; files: src/agents/skills/plugin-skills.ts, src/agents/skills/workspace.ts, src/agents/skills/plugin-skills.test.ts)
• @steipete: The v2026.5.4 release commit contains the same plugin-skills helper in the shipped tag, and local shortlog shows Peter Steinberger as the dominant maintainer across the central skill/plugin docs and code paths sampled. (role: release and adjacent maintainer; confidence: medium; commits: 325df3efefe9; files: src/agents/skills/plugin-skills.ts, src/agents/skills/workspace.ts, docs/tools/skills.md)

Remaining risk / open question:

• No live Windows standard-user run was performed in this read-only review; the failure is source-backed and supported by the reporter's logs, but after-fix proof should use Windows without Developer Mode when feasible.
• The repair should verify junction cleanup/idempotence semantics on Windows, because stale cleanup currently filters generated entries through Dirent.isSymbolicLink().
• Current source also attempts to load resolved plugin skill directories directly in some status paths, so the exact skills list visibility failure needs live Windows confirmation even though the symlink publication failure itself is clear.

Codex review notes: model gpt-5.5, reasoning high; reviewed against fd86ab2e5003.

[m13v]

hit the same thing shipping a desktop automation tool on Windows. fs.symlink with the default 'dir' type silently maps to NT symlinks which need SeCreateSymbolicLinkPrivilege, and stock user accounts without Developer Mode just get EPERM. passing 'junction' as the third arg fixes it for directory targets without spawning mklink, since Node hands it straight to DeviceIoControl with FSCTL_SET_REPARSE_POINT. one gotcha though: junctions only work on local NTFS volumes, so if anyone installs npm globals on a network share or ReFS you still need the copy fallback. worth feature-detecting once at install rather than try/catching per skill.