OpenClaw Tool System
Tools turn OpenClaw from "can chat" into "can do." This chapter covers built-in capabilities and the crucial tool policies and approval gates.
What Can OpenClaw Do?
The agent can perform a range of real operations:
These let OpenClaw genuinely "run errands" for you — but they also mean it can change your system and accounts, so tool policies are essential.
Tool Policies & Approval Gates (Core Safety Mechanism)
OpenClaw governs high-risk actions with tool policies: you can require reads to pass automatically while sends/deletes/writes must be approved first.
These approval gates are OpenClaw's first line of defense. Follow a tighten-by-default principle:
Configuring Policies in openclaw.json
Tool policies and approval rules live in the main openclaw.json. You can:
- Set allow / ask / deny per tool
- Distinguish read vs. write/send/delete
- Force approval for risky platform actions (e.g., sending email, deleting files)
After configuring, verify the policy behaves as expected on a low-risk task in the Dashboard before granting more permissions.
Browser Automation
The browser tool lets OpenClaw operate the web like a human: search, navigate, click, fill forms, scrape. These tasks are memory-heavy — reserve 4GB+ RAM for browser automation.
Because the browser can log into your accounts and submit forms, be sure to put it behind approval gates to avoid real-world consequences from mistakes.
Extending Capabilities via Skills
Tools are "atomic capabilities"; composing multi-step flows into reusable procedures is what skills are for:
- Skills are described in
SKILL.mdand shareable via ClawHub - The agent can even auto-draft a skill when one is missing
- See Skills
Security warning: community skills are not sandboxed by default, and there have been many malicious ones. Review any third-party skill before installing — see Security.
Practical Tips
- Start with tool policies as tight as possible, then loosen as needed
- Keep all send / delete / pay / login actions behind human approval
- Browser and shell are double-edged: powerful and risky — rehearse in an isolated environment / test accounts first
- Turn repeated multi-step actions into skills to reduce errors and token use
Next Steps
- Skills — compose tools into reusable capabilities
- Permissions & Security — the full governance of tool policies
- Message Channels — deliver results to your chat apps