Skills

Extend Fawx with WASM plugins. Skills add new tools, load at runtime, and run in a sandbox.

How skills work

Skills are WebAssembly modules that register new tools with the Fawx engine. When loaded, the agent can call them the same way it calls built-in tools. Skills run in a WASM sandbox with no direct access to the host filesystem or network unless explicitly granted.

Every skill is cryptographically signed. Fawx verifies the signature before loading and rejects unsigned or tampered modules.

Installing skills

Install a skill from the marketplace:

fawx skill install brave-search

List installed skills:

fawx skill list

Remove a skill:

fawx skill remove brave-search

Skills are stored in ~/.fawx/skills/ and loaded automatically on startup.

Hot reload

Skills support hot reloading. When you update a skill file, Fawx detects the change and reloads it without restarting. Active conversations continue with the updated tool definitions.

Available skills

The marketplace includes community and first-party skills:

brave-search: Web search via the Brave Search API.
web-fetch: Fetch and extract readable content from URLs.
scheduler: Schedule tasks and reminders.

More skills are being added regularly. You can also build and publish your own.

Building a skill

Skills can be written in any language that compiles to WASM. The most common choice is Rust.

Project structure

my-skill/
├── Cargo.toml
├── src/
│   └── lib.rs
└── skill.toml       # Skill metadata

skill.toml

[skill]
name = "my-skill"
version = "0.1.0"
description = "A brief description of what this skill does."

[[tools]]
name = "my_tool"
description = "What this tool does."

[[tools.parameters]]
name = "query"
type = "string"
description = "The input query."
required = true

Implementation

use fawx_skill_sdk::*;

#[fawx_tool]
fn my_tool(query: String) -> ToolResult {
    // Your logic here
    ToolResult::text(format!("Result for: {}", query))
}

Build and sign

# Build the WASM module
cargo build --target wasm32-wasi --release

# Sign the skill
fawx skill sign target/wasm32-wasi/release/my_skill.wasm

# Install locally for testing
fawx skill install --local ./my_skill.wasm

Signing

Fawx uses Ed25519 signatures for skill verification. Generate a signing key pair:

fawx auth keygen

This creates a key pair in ~/.fawx/keys/. The public key is included in the signed skill module. When publishing to the marketplace, your public key is registered with your publisher identity.

Security: Unsigned skills cannot be loaded. This prevents supply chain attacks where a modified skill could exfiltrate data or execute malicious actions through the agent.

Sandbox

Skills run in a WASM sandbox with these constraints:

No direct filesystem access. Skills use the host API to request file operations, which are subject to the same permission system as built-in tools.
No direct network access. HTTP requests go through the Fawx fetch API.
Memory is bounded. Each skill has a configurable memory limit.
Execution time is bounded. Long-running skills are terminated with an error.

← Tools Fleet →