Skip to main content
Skills are installed instruction/tool packages compatible with the Agent Skills style of SKILL.md packages. Pioneer parses the skill contract, validates it, installs it into managed roots, resolves active skills per turn, and can expose skill runtime tools to the model. Skills are the part of Pioneer that turns reusable know-how into a managed runtime feature. A skill can be just instructions, but the architecture treats it as more than text: it has provenance, validation, dependencies, trust level, policy, prompt behavior, and optional tools.
Skills and MCP both add capabilities to the agent, but they solve different problems. Skills package instructions and optional runtime tools. MCP connects Pioneer to external tool servers. Both eventually materialize through the tool runtime when they expose callable tools.

Why This Layer Exists

Without a skills layer, every specialized workflow would be copied into the main prompt or hardcoded into tools. That does not scale. Pioneer needs a way to install, inspect, validate, trust, enable, disable, and audit reusable capability packages. The skills layer keeps that lifecycle out of the agent loop. The agent only needs resolved skills for the current turn and dynamic tools that passed policy. Installation, upload, dependency checks, security scans, catalog loading, and trust decisions happen before the agent sees anything.

Layers

LayerCodeResponsibility
Contract parserskills/src/contract.rsReads SKILL.md, YAML frontmatter, sidecar metadata, dependencies, allowed tools, path rules, and runtime tool declarations.
Installerskills/src/installer.rsStages source, scans security, checks dependencies, writes lock entries, installs, updates, and uninstalls.
Catalogskills/src/catalog.rsLoads installed skills into catalog snapshots.
Policyskills/src/policy.rsMerges gateway and workspace policy into effective enabled and implicit-invocation flags.
Resolverskills/src/resolver.rsChooses which skills are active for a turn.
Prompt builderskills/src/prompt.rsBuilds the [Skills] dynamic prompt section.
Runtime toolsskills/src/runtime.rsValidates and materializes dynamic tool declarations.

Installation

The gateway handles install/update/uninstall requests under message/skills. Uploaded archives use an upload session protocol: start upload, send chunks, finish, then install from the materialized archive. The upload path enforces size, chunk, archive entry, and cleanup limits. The installer stages source before committing it. This lets Pioneer scan the skill directory, parse the contract, evaluate dependency preflight, verify fingerprints, and only then update the installed skill root and lock file.

Contract Shape

A skill source is a directory whose root contains SKILL.md. Uploaded archives must materialize to one top-level directory, and that directory must contain SKILL.md. The installer rejects absolute paths, parent traversal, duplicate archive paths, unsupported archive entries, symlinks in copied sources, and files that exceed configured size limits. SKILL.md has YAML frontmatter followed by a non-empty Markdown body: 
---
name: repo-review
slug: repo-review
description: Review code using the team's checklist. Use when the user asks for a code review or release-readiness pass.
allowed-tools: Read Bash(git:*)
dependencies:
  bins:
    - git
---

# Repo Review

Read `references/checklist.md` before reviewing code.
Pioneer parses an Agent Skills-compatible contract plus Pioneer runtime extensions. For native Pioneer skills, identity and behavior fields belong in SKILL.md YAML frontmatter. _meta.json is a compatibility sidecar for imported OpenClaw-style or registry-style packages, not the preferred native authoring format. At parse time, SKILL.md must exist, the body must not be empty, and the skill must have a slug. Native packages should provide that slug in frontmatter. Imported compatibility packages may provide it through _meta.json. Agent Skills strict conformance also requires name and description; Pioneer can still parse fallback values, but validation will report strict conformance issues.

Supported Frontmatter

FieldStatusTypeDefault / precedenceSemantics
nameNative required by convention; strict-requiredstring_meta.json.displayName, then slug if frontmatter is missingHuman-facing name. Native skills should set it in frontmatter.
slugRequired to parsestring_meta.json.slug overrides frontmatterNormalized to lowercase hyphen form and stored with owner as owner/slug.
ownerOptionalstring_meta.json.owner or _meta.json.ownerId, then frontmatter, then nested source path, then pioneerNamespace for the qualified slug.
descriptionNative required by convention; strict-requiredstringFirst non-empty body line if missingSkill summary and trigger description.
licenseOptionalstringNoneOptional license string.
compatibilityOptionalstringNoneOptional compatibility note. Strict profile requires 1..=500 characters when provided.
versionOptionalstring_meta.json.version, then _meta.json.latest.version, then frontmatterVersion hint. Native skills should set it in frontmatter.
user-invocableOptionalbooleantrueControls whether the skill can be selected explicitly.
disable-model-invocationOptionalbooleanfalsePrevents automatic model-side invocation when set.
pathsOptionalstring or list of stringsEmpty listPath match rules used by the resolver.
allowed-toolsOptionalstring or list of stringsEmpty listAgent Skills tool allowlist hint. Pioneer accepts both forms, but strict Agent Skills requires a space-separated string.
dependenciesOptionalobjectEmpty dependency setDependency checks for environment variables, binaries, commands, config keys, MCP servers, and API keys.
metadataOptionalobject or JSON-object string{}Raw metadata retained in the compiled definition. Pioneer recognizes openclaw and clawdbot namespaces.
runtimeOptionalobjectNo runtime toolsDynamic runtime tool declarations.
Unknown frontmatter keys are ignored by the parser unless they are inside a typed section such as runtime.tools.output_policy, where serde validation rejects unknown policy fields.

Dependencies

The dependencies object supports these lists:
FieldStatusTypeChecked todayMeaning
envOptionalstring or string arrayYesEnvironment variables that must be set and non-empty.
api_keysOptionalstring or string arrayYesAPI key environment variables that must be set and non-empty.
binsOptionalstring or string arrayYesExecutables that must be available in PATH.
commandsOptionalstring or string arrayYesCommand dependencies that must be available in PATH.
mcpOptionalstring or string arrayYesMCP server names that must be registered in the dependency check input.
configOptionalstring or string arrayStored, not baseline-enforcedConfig dependencies retained in the compiled definition.
The compiler also merges known dependency metadata from metadata.openclaw.requires and metadata.clawdbot.requires into the normalized dependency set. Dependencies are readiness checks, not installation instructions. The dependency evaluator checks the current gateway environment and reports missing or blocked requirements; it does not install binaries or commands. If a skill body contains setup instructions that install a command, do not declare that command as a required dependency unless the command must already exist before the skill can be installed or used.

Sidecar Metadata

_meta.json support exists for compatibility with imported OpenClaw-style or registry-style skill packages. Native Pioneer skills should put contract data in SKILL.md YAML frontmatter instead. If _meta.json exists beside SKILL.md, Pioneer reads only these fields:
FieldSemantics
owner or ownerIdOwner namespace override.
slugSlug override.
versionVersion hint override.
latest.versionFallback version hint.
displayNameFallback display name when frontmatter name is missing.
Sidecar identity fields take precedence over frontmatter identity fields. This lets imported registry metadata stabilize package identity without rewriting SKILL.md, but it also means native packages should avoid _meta.json unless they intentionally need compatibility override behavior. Pioneer does not read description, dependencies, paths, allowed-tools, metadata, user-invocable, disable-model-invocation, or runtime from _meta.json; those fields are frontmatter-only.

Runtime Tool Declarations

runtime.tools declares dynamic tools that can be projected into the normal tool router after policy checks: 
runtime:
  tools:
    - tool_slug: run-report
      description: Run the report helper.
      kind: shell
      parameters:
        type: object
        additionalProperties: false
      execution_class: exclusive
      config:
        command:
          - scripts/run-report.sh
      output_policy:
        llm:
          mode: summary_only
Each tool has:
FieldStatusTypeDefaultSemantics
tool_slugRequiredstringNoneNormalized to lowercase hyphen form. Canonical name becomes skill.<normalized-skill>.<normalized-tool>.
descriptionOptionalstringRuntime tool '<tool_slug>'Tool description.
kindRequiredshell, http, or function_proxyNoneRuntime class.
parametersOptionalJSON schema objectOpen objectFunction-call argument schema.
execution_classOptionalshared, exclusive, or session_scopedsharedScheduling hint for the tool router.
configOptionalobject{}Kind-specific configuration. Shell tools read config.command; HTTP tools read request defaults such as url, method, headers, and timeout_ms; function proxies require config.target_tool.
output_policyOptionalobjectHost defaultDynamic output policy request. Host caps may narrow or reject it.
Runtime tool declarations are not enough to expose a tool. The runtime planner also checks dynamic-tool enablement, allowed tool kinds, trust thresholds, duplicate canonical names, max tools per skill, dependency health, and output policy constraints.

Conformance Profiles

Pioneer produces a conformance report with two profiles:
ProfilePurpose
agentskills_strictChecks the open Agent Skills shape: name, description, name length and hyphen rules, strict allowed-tools string form, and strict metadata value types.
openclaw_compatChecks OpenClaw-style name, description, and recognized metadata.openclaw / metadata.clawdbot shapes.
Conformance issues are stored on SkillDefinition. Resolver policy decides whether validation issues block activation. The compiler turns parsed data into a SkillDefinition with identity, instructions, source information, trust level, dependencies, runtime tools, metadata, conformance report, and fingerprint.

Policy

Effective skill policy starts with: 
enabled = true
allow_implicit_invocation = false
Gateway policy can override those values, and workspace policy can override gateway policy. A disabled skill remains installed but does not participate in turn resolution. A non-implicit skill can still be used when explicitly invoked, including through TurnStartParams.capabilities, but it is not automatically selected just because its description or path rules might match. This is the difference between “installed” and “active.” Installed means Pioneer knows about the package. Active means this turn is allowed to use it. Implicit means Pioneer can select it automatically. Keeping those separate lets users keep powerful or experimental skills installed without letting the model discover and use them silently.

Turn Resolution

At turn time, the agent resolves skills using installed catalog data, workspace policy, explicit composer capabilities, path matches, explicit textual references, and implicit invocation rules. Composer-selected skills are normalized into explicit skill refs and resolved with reason ExplicitCapability, persisted as explicit_composer_capability in turn skill bindings. The dynamic skills prompt starts compactly: display name, exact read_skill slug, and “use when” description. Composer-selected skills stay compact and do not inject full skill bodies. Full bodies are eligible only for path-matched skills when the prompt budget allows. Otherwise the model is told to call read_skill with the exact slug. Missing, disabled, dependency-blocked, validation-rejected, or security-blocked composer skills are reported as rejected turn capabilities. The user message can still show the requested chip for auditability, while capability diagnostics explain what was actually accepted or rejected.

Runtime Tools

Skills can declare runtime tools. Pioneer validates their declarations and output policies before exposing them. Runtime tools can be shell, HTTP, or function-proxy style tools. Trust policy can require higher trust for more dangerous runtime classes. When a skill tool is accepted, including from a composer-selected skill, the agent materializes it into a ToolExtensionBundle and adds it to the same tool router as built-in, MCP, and task tools. If policy narrows an output declaration or excludes a tool, the agent logs diagnostics and continues the turn.

Audit And Health

Skill operations produce audit events. Turn-time resolution can also store dependency diagnostics. Health APIs report validation issues, dependency status, security findings, policy state, and whether the installed skill can be safely used. The design intent is that skills are not just prompt snippets. They are installable, policy-controlled, auditable runtime extensions.