Skills Reference

Skills are the atomic capabilities of the WASP agent. The LLM calls skills using XML-like syntax: <skill>skill_name(param="value")</skill>.

Capability Levels

Every skill is assigned a capability level that controls auditing, risk assessment, and rate limiting:

Level	Examples	Audit	Risk Check	Rate Limit
SAFE	calculate, datetime, system_info	No	No	Unlimited
MONITORED	web_search, fetch_url, browser	No	No	Unlimited
CONTROLLED	reminders, gmail, task_manager, skill_manager	Yes	No	Unlimited
RESTRICTED	shell, python_exec, http_request, file_ops	Yes	Yes	Unlimited
PRIVILEGED	self_improve, broker (Docker commands)	Yes	Yes	20/hour

Built-in Skills

Web & Research

Skill	Capability	Description
web_search	MONITORED	DuckDuckGo search, returns 5-10 results with snippets
fetch_url	MONITORED	HTTP GET with CSS selector support, 12k output cap. SSRF-protected: blocks RFC-1918, loopback, and cloud metadata endpoints.
scrape	MONITORED	Extract structured data from web pages
browser	MONITORED	Full Chromium browser (click, type, screenshot, login, JS). Named sessions for persistent cookies.
browser_screenshot_full_page	MONITORED	Full-page screenshot capture via Chromium
browser_smart_navigate	MONITORED	Smart navigation with auto-wait and JS rendering
browser_deep_scrape	MONITORED	Deep scrape of JS-rendered pages via browser
deep_scraper	MONITORED	Playwright/Crawlee containerized scraper — YouTube transcripts (network interception) and JS-heavy/anti-bot pages. SSRF-protected.

Browser skill actions: navigate, click, type, screenshot, capture, get_text, scroll, get_links, execute_js

Named browser sessions for persistent state:

browser(action="navigate", url="https://...", session="my_session")

deep_scraper

The deep_scraper skill runs a containerized Playwright/Chromium browser:

• YouTube mode — intercepts the YouTube timedtext API to extract full captions without scraping the DOM
• Generic mode — waits for networkidle to render fully JS-heavy or anti-bot pages

SSRF Protection: Before executing, resolves the hostname via getaddrinfo() and validates all A/AAAA records against RFC1918, loopback, link-local, reserved, and multicast ranges. Fails closed on any DNS resolution error.

Output format:

status: SUCCESS | PARTIAL | ERROR
type:   TRANSCRIPT | DESCRIPTION | GENERIC
content:
<extracted text>

Code & System

Skill	Capability	Description
python_exec	RESTRICTED	Execute Python code in subprocess sandbox, 60s timeout, 8k output
shell	RESTRICTED	Execute shell commands, 60s default / 120s max timeout. Every invocation written to AuditLog with redacted command.
calculate	SAFE	Mathematical calculations
system_info	SAFE	System information: disk usage, RAM, CPU, uptime

shell — Audit Logging (v2.6)

Every shell invocation is logged to audit_log with action="skill.shell":

• Command is redacted before logging (strips sk-*, AIza*, xai-*, hf_*, key=value, password=value patterns)
• Records exit code and optional goal_id context
• Fire-and-forget via asyncio.ensure_future() — zero latency impact

File Operations

Skill	Capability	Description
read_file	RESTRICTED	Read any file in the container
write_file	RESTRICTED	Write any file in the container

Files accessible under /data/ (persistent volume mounts).

Communication & Calendar

Skill	Capability	Description
gmail	CONTROLLED	Read inbox, send email, search, reply
create_reminder	CONTROLLED	Create time-based reminders (fires via scheduler)
list_reminders	CONTROLLED	List all active reminders for the user
delete_reminder	CONTROLLED	Delete reminder by keyword match or keyword="all"
task_manager	CONTROLLED	Create/list/update/delete recurring tasks
google_calendar	CONTROLLED	Read/create/update Google Calendar events

Data & APIs

Skill	Capability	Description
http_request	RESTRICTED	HTTP GET/POST/PUT/DELETE/PATCH with custom headers. SSRF-protected.
subscribe	CONTROLLED	RSS feed and price alert subscriptions
render_report	CONTROLLED	Generate formatted reports (crypto, price tables, email digests)
extract_fields	CONTROLLED	Extract named fields from previous skill output by path

Notes & Monitoring

Skill	Capability	Description
create_note	CONTROLLED	Create a note in persistent memory
search_notes	CONTROLLED	Search notes by keyword
create_monitor	CONTROLLED	Create a price or RSS monitor with threshold
list_monitors	CONTROLLED	List all active monitors
remove_monitor	CONTROLLED	Remove a monitor by ID or name

Agent Management

Skill	Capability	Description
agent_manager	CONTROLLED	Create, list, pause, resume, archive sub-agents
meta_orchestrate	CONTROLLED	High-level orchestration across multiple agents and goals

agent_manager actions: create, list, get, pause, resume, archive

Self-Improvement

Skill	Capability	Description
self_improve	PRIVILEGED	Read, propose, apply, patch, install on own source code. Syntax-validated before write. Backup created before overwrite. Soft safety gate blocks safety-weakening edits.
skill_manager	CONTROLLED	Create, edit, toggle, delete custom Python skills at runtime

self_improve actions: read, propose, list, apply, reject, patch, install

skill_manager actions: create, list, edit, toggle, delete

self_improve — Safety (v2.6)

Before writing any Python file, the apply endpoint:

1. Runs ast.parse(content) — rejects with HTTP 400 on SyntaxError (no file written)
2. Creates a timestamped backup at /data/src_patches/backup_{ts}_{filename} before overwrite
3. Passes through the Soft Safety Gate (deterministic pattern-based pre-execution check that blocks safety-weakening edits to critical source files)

Integrations

Skill	Capability	Description
integration	CONTROLLED	Invoke any registered integration connector
openclaw	CONTROLLED	OpenClaw skill management and invocation

Parallel Execution

Skills can run in parallel by using <parallel> blocks:

<parallel>
  <skill>web_search(query="BTC price")</skill>
  <skill>web_search(query="ETH price")</skill>
  <skill>fetch_url(url="https://api.coinbase.com/v2/prices/BTC-USD/spot")</skill>
</parallel>

All skills in a parallel block execute concurrently via asyncio.gather().

Custom Python Skills

Create custom skills via skill_manager:

skill_manager(
  action="create",
  name="my_skill",
  description="Does something custom",
  params="input_text,max_length",
  code="
class MySkillSkill(SkillBase):
    def definition(self):
        return SkillDefinition(
            name='my_skill',
            description='Does something custom',
            params=[
                SkillParam(name='input_text', param_type=ParamType.STRING, required=True),
                SkillParam(name='max_length', param_type=ParamType.INTEGER, required=False),
            ]
        )

    async def execute(self, input_text: str, max_length: int = 500, **kwargs) -> SkillResult:
        result = input_text[:max_length]
        return SkillResult(skill_name='my_skill', output=result)
"
)

Custom skills are stored in /data/skills/<slug>/skill.py and survive container restarts. They appear as python-custom in skill_manager(action="list").

Skill Registration

Skills are registered at startup in src/skills/builtin/__init__.py:

registry.register(WebSearchSkill())
registry.register(BrowserSkill())
registry.register(ShellSkill())
# ... etc

Each skill must implement SkillBase:

• definition() → SkillDefinition — metadata, parameters, examples
• async execute(**params) → SkillResult — execution logic

Anticipatory Simulation

Before executing RESTRICTED or PRIVILEGED skills, the agent runs an anticipatory simulation:

• The LLM predicts the consequences of the action
• Result appended to skill output as [ANTICIPATORY SIMULATION]:
• Helps the agent course-correct before irreversible actions
• Results cached in Redis for 5 minutes (identical calls avoid re-simulation)

Skill Output Format

SkillResult(
    skill_name="shell",
    success=True,
    output="...",   # Human-readable output (max varies by skill)
    error=None,     # Error message if failed
)