Skills Framework
v3.8.1Last updated: 2026-05-13
Was this page helpful?
Loading OmniRoute...
Source of truth: and
Last updated: 2026-05-13 — v3.8.0
) — shipped with OmniRoute. Cover the common cases:, — per-API-key sandbox workspace under
- — outbound HTTP through
with
- — pluggable search provider with caching (
)
- — Docker-sandboxed
or execution
- — Docker-sandboxed shell command
- — Playwright-backed scaffolding, disabled by default (
)
- SkillsMP (the OmniRoute Marketplace) — fetched from
. Requires in Settings.
- SkillsSH (
community catalog) — fetched from . No auth needed; SKILL.md content pulled from GitHub raw.
). Switch it under Settings → Memory & Skills. Default: .
in the in-memory registry (). Version must be semver (). understands , , , , , , , and exact-match constraints.
| (default 3) |
is the default for marketplace-installed skills. and together mean "registered but inactive" — toggling via the legacy column also bumps so older codepaths stay consistent ().
table with the following statuses ():
enum SkillStatus {
PENDING = "pending",
RUNNING = "running",
SUCCESS = "success",
ERROR = "error",
TIMEOUT = "timeout",
}
is a singleton with a 60-second TTL cache (). is idempotent and dedupes concurrent calls via . Any write (//) invalidates the cache. Look up versions via and .
in is the entry point that turns registered skills into provider-specific tool definitions:
- Anthropic —
- Google (Gemini) —
so the handler can pick the right version when the model calls it back.
, each candidate skill is scored against the request context ( in ):
skills with are injected. Ties are broken by (desc), then alphabetical name ().
in is invoked by the chat handler after the upstream returns a tool-calling response:
/ Responses , Anthropic , Gemini ).
- →
) are resolved first. Built-in handlers run inline.
- .
- ,
items, or Anthropic blocks as appropriate.
in the execution context can be set to to allow only built-in interception (used by request paths that explicitly disable user-defined handlers).
, ) run inside Docker via (). Every container is launched with:
):
+ |
||
and are tmpfs |
and are exposed for shutdown; running containers are tracked in .
in :
| (1 MB) | and |
|
| response body | ||
or to allow per-call opt-in |
||
, , . Any additions via are merged with the defaults; unknown images are rejected by .
env var. The non-sandbox handler timeout is hard-coded to 30 s in () but can be overridden at runtime via .
and resolve every path relative to a per-API-key workspace at . Path traversal () and forbidden segments (, , , , , ) are rejected before any disk I/O.
():
(private/loopback ranges blocked) defines a that decides between (in-process) and execution per call, with an retry path on timeout/memory errors. The wired-in / implementations are stubs (, return placeholder objects) — treat this module as a contract under construction. Real execution still goes through + .
and tables, with indexes on and .
- — adds
, , (JSON), to .
is constrained at the database level: .
. Management endpoints (, , ) require management auth via . The marketplace/install flows use the lighter (session or API key).
| GET | List registered skills. Supports , , , pagination |
| | PUT | Update or |
| | DELETE | Unregister by id |
| | POST | Install a custom skill (handler code + schema) |
| | GET | Search the SkillsMP catalog (returns popular defaults when is empty) |
| | POST | Install a SkillsMP skill (requires active provider = ) |
| | GET | Search the skills.sh catalog (, capped at 100) |
| | POST | Install a skills.sh skill (requires active provider = ) |
| | GET | Paginated execution history () |
| | POST | Execute a registered skill ad-hoc |
endpoint returns HTTP with when (). Operators can flip the master switch from Settings → AI.
curl -X POST http://localhost:20128/api/skills/install \
-H "Authorization: Bearer $OMNIROUTE_MGMT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "reverse-text",
"version": "1.0.0",
"description": "Reverses a string",
"schema": {
"input": { "type": "object", "properties": { "text": { "type": "string" } }, "required": ["text"] },
"output": { "type": "object", "properties": { "reversed": { "type": "string" } } }
},
"handlerCode": "echo-handler",
"apiKeyId": "your-api-key-id"
}'
string is a handler name lookup — not executable code. The executor maps it via (). Marketplace installs store the SKILL.md text in this field as documentation and route execution through model-generated tool calls. Arbitrary user-supplied source is not eval'd.
). They are auto-registered when the MCP server boots.
, , |
|
MCP-SERVER.md for transport setup and scope assignments.
exports the A2A skill descriptor and a helper. Custom A2A skills live in and are dispatched via (). See A2A-SERVER.md for the full task lifecycle.
(or a sibling file under ). Signature: .
- Sandboxed code path? Call
. Use against the allowlist.
- Filesystem path? Always pass through
before touching disk.
- Network call? Use
with ; sanitize headers via .
- Register by adding the entry to
(or calling -style at boot).
- Wire built-in tool aliases (optional) in
() if the upstream model emits a different name.
- Tests in
(Vitest).
field must match the registered handler name). or via . blocks all execution and returns HTTP on . The registry continues to load.
- Lock down egress: keep
unset (default) for fully air-gapped sandboxing. Per-call still requires the master gate.
- Allow specific images: set
to extend the allowlist.
- Audit executions:
and both query . Successful runs include ; failures include .
- Cache invalidation: call
after manual DB edits; otherwise wait 60 s.
- Anonymous workspace: when
is empty, all calls hash to the same workspace — share-aware code should always pass a real key.
,