Skip to content

Skills

Skills are discrete capabilities that agents can invoke during conversations — like looking up a contact, generating a quote, or booking a calendar slot. They are the primary extension mechanism for the Komand platform.

A skill is defined by a contract that declares its identity, schemas, and required permissions:

{
"skillId": "crm-contact-lookup",
"name": "CRM Contact Lookup",
"description": "Search and retrieve contact information from the CRM",
"version": "1.0.0",
"publisherId": "komand-official",
"inputSchema": {
"type": "object",
"properties": {
"query": { "type": "string", "description": "Search term" }
},
"required": ["query"]
},
"outputSchema": {
"type": "object",
"properties": {
"contacts": { "type": "array" },
"totalCount": { "type": "integer" }
}
},
"requiredPermissions": [
{ "resource": "crm", "access": "read", "scope": null }
],
"declaredToolAccess": ["database"],
"isVerified": true,
"signatureHash": "sha256:abc..."
}
FieldDescription
skillIdUnique identifier, lowercase with hyphens
nameHuman-readable display name
versionSemantic version (major.minor.patch)
publisherIdPublisher who created the skill
descriptionWhat the skill does (shown to agents and users)
inputSchemaJSON Schema for accepted input
outputSchemaJSON Schema for returned output
requiredPermissionsPermissions the skill needs to function
declaredToolAccessPlatform tools the skill may invoke
isVerifiedWhether the skill has passed marketplace review
signatureHashCryptographic signature for integrity verification
Terminal window
curl -X POST http://localhost:5000/api/skills/ \
-H "Content-Type: application/json" \
-d @skill-definition.json

The registry enforces a maximum of 10,000 registered skills.

Terminal window
# All skills
curl "http://localhost:5000/api/skills/"
# Filter by publisher
curl "http://localhost:5000/api/skills/?publisherId=komand-official"
# Verified only
curl "http://localhost:5000/api/skills/?verifiedOnly=true"

Response:

{
"success": true,
"data": [
{
"skillId": "crm-contact-lookup",
"name": "CRM Contact Lookup",
"version": "1.0.0",
"publisherId": "komand-official",
"isVerified": true,
"publishedAt": "2026-01-15T00:00:00Z"
}
],
"meta": null
}
Terminal window
curl http://localhost:5000/api/skills/crm-contact-lookup

Skills are enabled per-agent via the agent’s enabledSkillIds configuration:

Terminal window
curl -X POST http://localhost:5000/api/agents/ \
-H "Content-Type: application/json" \
-d '{
"agentId": "sales-bot",
"name": "Sales Assistant",
"enabledSkillIds": ["crm-contact-lookup", "quote-builder", "calendar-book"]
}'

When the LLM decides to invoke a tool during a conversation, the agent checks:

  1. Is the skill in the agent’s enabledSkillIds?
  2. Are the agent’s granted permissions sufficient for the skill’s requiredPermissions?
  3. If both pass, a ToolGrain is created to execute the skill in isolation

Permissions are granular, with three components:

{
"resource": "crm",
"access": "read",
"scope": null
}
ComponentDescriptionExamples
resourceWhat the permission applies tocrm, network, filesystem, api:salesforce
accessType of accessread, write, execute
scopeOptional narrowingSpecific URLs, paths, or resource IDs

When a skill is invoked, the platform validates that the agent’s granted permissions cover all of the skill’s required permissions. Validation matches on resource:access pairs — the scope field is defined in the model but not yet enforced:

Skill requires: [{ resource: "crm", access: "read" },
{ resource: "calendar", access: "write" }]
Agent grants: [{ resource: "crm", access: "read" },
{ resource: "calendar", access: "write" },
{ resource: "email", access: "send" }]
Result: All required permissions covered
Skill requires: [{ resource: "crm", access: "read" },
{ resource: "crm", access: "write" }]
Agent grants: [{ resource: "crm", access: "read" }]
Result: Missing crm:write — execution blocked

If validation fails, the execution is blocked and a PermissionDenied audit event is logged.

Skills will run in isolated environments. This is a core security guarantee — not an optional feature.

ConstraintEnforcement
File systemNo access outside the skill’s temp directory
NetworkNo outbound access unless network:outbound is declared
CPU / memoryHard limits enforced by the container or WASM runtime
TimeoutExecutions exceeding their timeout are terminated (max 30 minutes)
Input validationAll inputs validated against the declared schema
Output sanitizationSkill outputs sanitised before being fed back to the LLM
  1. Container sandbox — Docker containers with restricted capabilities, no host access
  2. WASM runtime — WebAssembly modules for lightweight, portable isolation

When an agent invokes a skill:

AgentGrain receives LLM tool_call
Validates skill exists in SkillRegistryGrain
Validates permissions against agent's grants
Creates ToolGrain with unique executionId
ToolGrain.ExecuteAsync()
├── Status: Pending → Running
├── Executes with enforced timeout
├── Status: Running → Completed | Failed | TimedOut | Cancelled
└── Returns ToolExecutionResult
AgentGrain feeds result back to LLM
Terminal window
curl -X DELETE http://localhost:5000/api/skills/crm-contact-lookup

Unregistering a skill removes it from the global registry. Agents that had the skill enabled will no longer be able to invoke it.

To build your own skills, see the SDK Overview and Skill Development guides.

SettingDefaultDescription
Max registered skills10,000Global registry capacity
Max tool execution timeout30 minutesPer-execution limit