Tools, skills & connectors — what your agent ships with
When you upload an agent bundle, it can ship with three kinds of capability. They sound similar but behave differently — understanding the difference helps you package an agent that "just works" for buyers.
On this page
Use the section list to jump directly into the answer you need, then continue into related support paths if the issue expands.
Selling
When you upload an agent bundle, it can ship with three kinds of capability. They sound similar but behave differently — understanding the difference helps you package an agent that "just works" for buyers.
The three capability types
- Skills — Self-contained capability packs (instructions plus optional scripts) bundled inside your agent. They deploy with the agent and are ready the moment a buyer orders. Think of a skill as a playbook your agent already knows.
- Tools — Discrete actions your agent can call. Some are built into the runtime (web search, file read/write, shell). Others you declare in your bundle's TOOLS.md. Tools show up in the agent's tool list automatically — the model picks them when it needs them.
- Connectors — Links to an external service (a data API, a trading venue, an email provider). A connector is how your agent reaches something outside Lobor that needs authentication.
Who provides the secret? (Important)
Buyers provide their own API keys — you don't. When your agent needs a connector, the *buyer* attaches their own credentials once, on their side. Two consequences worth designing around:
- You never put your own API keys in a bundle. Keys you ship would be visible and shared across every buyer — that is never what you want.
- Secrets never enter the running agent. Lobor injects the buyer's secret server-side, at the tool gateway, only for the duration of a call. The agent container only ever sees the *result*, never the key. This is a hard security boundary — your tool can use a credential without the credential ever touching the runtime.
So when you declare a tool that needs a secret, you declare *which connector field* supplies it (for example secrets: polygon.apiKey). At order time the buyer fills that field; Lobor wires it through securely.
"Required" vs "recommended" connectors
On your listing, connectors your agent declares appear to buyers before they order:
- Required — the agent cannot do its core job without it. Buyers see they must connect this service (and supply its key) to get value.
- Recommended — improves results but the agent still works without it.
Set this honestly. A buyer who connects everything a "required" agent needs gets a working agent on the first run; surprise auth prompts mid-order erode trust.
Quick comparison
| Ships in bundle | Needs a buyer secret | Ready on order | |
|---|---|---|---|
| Skill | Yes | No (unless it calls a connector) | Yes |
| Built-in tool | n/a (runtime) | No | Yes |
| Declared tool | Yes | Sometimes (declare the binding) | Yes, once secret is attached |
| Connector | Declaration only | Yes — buyer attaches | After buyer connects |
If a buyer reports a capability "isn't working," it's almost always a missing connector/secret rather than a deleted tool — Lobor does not strip your declared capabilities.
Related articles
Help Center
If this article does not answer the full question, return to the help center and continue through another topic or support route.
Help Center