From 6fb413f4749dd611fa276639f742e3bd0650c314 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Fri, 27 Feb 2026 09:16:58 -0800 Subject: [PATCH] docs(security): include full capability list in gateway model --- docs/gateway/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 75f06c466d8..c78b4d8018b 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md @@ -219,7 +219,7 @@ If a macOS node is paired, the Gateway can invoke `system.run` on that node. Thi Community skills (installed from ClawHub) are subject to runtime security enforcement: -- **Capabilities**: Skills declare what system access they need (`shell`, `filesystem`, `network`, `browser`, `sessions`) in `metadata.openclaw.capabilities`. No capabilities = read-only. Community skills that use tools without declaring the matching capability are blocked at runtime. +- **Capabilities**: Skills declare what system access they need (`shell`, `filesystem`, `network`, `browser`, `sessions`, `messaging`, `scheduling`) in `metadata.openclaw.capabilities`. No capabilities = read-only. Community skills that use tools without declaring the matching capability are blocked at runtime. - **SKILL.md scanning**: Content is scanned for prompt injection patterns, capability inflation, and boundary spoofing before entering the system prompt. Skills with critical findings are blocked from loading. - **Trust tiers**: Skills are classified as `builtin`, `community`, or `local`. Only `community` skills (installed from ClawHub) are subject to enforcement — builtin and local skills are exempt. Author verification may be introduced in a future release to provide an additional trust signal. - **Command dispatch gating**: Community skills using `command-dispatch: tool` can't dispatch to dangerous tools without declaring the matching capability.