Locked-down Codex agents may see skills but not read SKILL.md

A OpenClaw v2026.6.1 setup has a problem when the model runs through the . The connection uses a through OAuth, not a paid API key. The agent is deliberately locked down with sandbox.mode: all and workspaceAccess: ro, and tools such as exec, process, write, edit, apply_patch, and browser are blocked.

This is meant to keep the agent safe while it reads untrusted content, so it cannot use a shell or write to files. The workspace skill setup appears correct: SKILL.md exists, the on-disk file matches the sandbox seed copy byte for byte, and openclaw skills check says the skill is ready and visible to the model. The failure appears when the skill depends on an exact template inside SKILL.md.

The agent produces the wrong output, and when asked to open and quote the file, it says it has no file-reading tool. That suggests the agent can see the skill catalog but cannot read the real skill body, so it tries to rebuild the template from memory or partial metadata.

Key points

  • The setup uses OpenClaw v2026.6.1 with the and OAuth access.
  • The agent runs in a strict sandbox with read-only workspace access.
  • Shell, process, write, edit, patch, and s are blocked on purpose.
  • OpenClaw reports that the skill is ready and visible to the model.
  • The agent still fails because it cannot read SKILL.md and guesses the template instead.
Read original