Searches for ClawHub exploded in 2026 for one simple reason: OpenClaw became the most talked-about open-source AI agent on the internet, and ClawHub is its app store. If you have seen people on X claiming their personal AI assistant books flights, manages their calendar, and replies to their Telegram messages, ClawHub is where most of those capabilities came from.

This guide explains what ClawHub actually is, how the registry works, how to install and publish skills, how it compares to other skill ecosystems, and what the well-documented security incidents of early 2026 mean for you in practice.

What Is ClawHub?

ClawHub is the public skill and plugin registry for OpenClaw, the open-source AI agent framework that runs locally and connects to messaging platforms like Telegram, Discord, and WhatsApp. The cleanest mental model: ClawHub is to OpenClaw what npm is to Node.js. Developers publish versioned packages; users install them with one command; the registry handles search, versioning, and distribution.

The unit of distribution is a skill: a folder containing a SKILL.md file plus any supporting scripts or assets. The SKILL.md describes what the skill does and gives the agent step-by-step instructions for doing it. Because skills are mostly plain text, anyone who can write clear instructions can publish one, which explains how the catalog grew from roughly 10,000 skills in January 2026 to more than 31,000 by March.

The registry itself is open source at github.com/openclaw/clawhub, and the official documentation lives at docs.openclaw.ai/clawhub.

How ClawHub Works Under the Hood

ClawHub exposes three core capabilities, all reachable from the OpenClaw CLI or the standalone clawhub CLI:

• Search: full-text search across skill names, descriptions, and tags. Results rank by a mix of downloads, recency, and community signals.
• Install and update: openclaw skills install pulls the versioned skill bundle into your workspace. Updates are explicit, not automatic, which is good for stability and security.
• Publish and sync: the clawhub CLI lets authors push new versions, manage metadata, and sync a local skills folder against the registry.

Two installation scopes matter in practice:

• Workspace scope (default): the skill lands in the active workspace's skills/ directory and only that agent sees it.
• Global scope (--global): the skill installs into ~/.openclaw/skills, visible to every local agent unless an agent's allowlist narrows it.

This scoping model mirrors how Claude skills separate project-level from user-level skills, and it is worth getting right: a skill you only trust for one sandboxed agent should never be installed globally.

Installing Skills from ClawHub

Assuming OpenClaw is already running on your machine, installation is a one-liner:

openclaw skills install weather-briefing

or, for all local agents:
openclaw skills install weather-briefing --global

After installation, the agent picks up the new SKILL.md on its next session. Three practical tips that save people grief:

• Pin what works. Skills are versioned. If a skill behaves well, note the version; a later update can change behavior or, in the worst case, introduce malicious code in a previously clean package (a classic supply-chain pattern).
• Read before you run. Open the SKILL.md and every referenced script before the first run. If a "PDF converter" skill contains a curl-pipe-to-bash setup step, walk away.
• Start workspace-scoped. Only promote a skill to --global after it has earned trust in one workspace.

Publishing Your Own Skill

Publishing follows the npm pattern: authenticate the clawhub CLI, point it at your skill folder, and push. The registry stores each version immutably, so consumers can pin and audit. A good ClawHub listing has:

• A SKILL.md with a clear one-paragraph description and explicit trigger conditions
• No opaque binaries; scripts in readable source form
• A README documenting required API keys and what data the skill touches
• Semantic versioning with a changelog

If you have written Claude Code skills before, the authoring model will feel identical: the SKILL.md convention is shared across both ecosystems, which is also why porting between them is usually easy.

ClawHub vs Other Skill Registries

ClawHub is the biggest open registry for agent skills, but it is not the only place to find capabilities for your AI stack:

The honest summary: ClawHub wins on raw volume and community velocity, while curated directories win on signal-to-noise. The OpenClaw ecosystem moves astonishingly fast, and if you want yesterday's viral skill, ClawHub has it today. If you want the ten skills actually worth your time, a curated layer on top, like our top 10 Claude skills roundup, gets you there faster.

The Security Problem Nobody Should Ignore

ClawHub's open-publish model produced the predictable outcome: it became the highest-profile AI supply-chain attack surface of 2026. This is not hypothetical. The incidents below are documented by multiple independent security teams.

Timeline of ClawHub Security Incidents

• February 2026, Snyk "ToxicSkills" research: an automated audit found roughly 36% of analyzed agent skills contained security flaws, including about 1,467 vulnerable skills and active malicious payloads hidden in setup instructions.
• February 2026, top-chart malware: the most-downloaded skill on the registry at one point was functional malware that exfiltrated SSH keys while pretending to be a productivity tool.
• February 2026, VirusTotal partnership: OpenClaw responded by integrating VirusTotal scanning for every published skill, a meaningful (though not sufficient) mitigation.
• March 2026, 820 malicious skills: researchers identified 820 malicious skills in the marketplace in a single sweep, most using obfuscated install steps in SKILL.md as the execution path.
• March 2026, ranking manipulation: Silverfort demonstrated that the popularity ranking could be gamed, letting an attacker push a malicious skill to the number one slot where unsuspecting users grab it.

The structural issue is that a SKILL.md is not just documentation, it is an instruction set a capable agent will follow, including any embedded shell commands. When SKILL.md becomes an installer, every skill is potential code execution. Our MCP server security guide covers the same class of risk on the MCP side, and the defensive posture is identical.

How to Vet a ClawHub Skill Before Installing

1. Read the entire SKILL.md, especially any setup or install section. Obfuscated base64 blobs, curl-pipe-bash, or "run this once to activate" steps are immediate disqualifiers.
2. Check the author: account age, other published skills, linked GitHub profile with real history.
3. Check the repo: a skill with public source, stars, and issues is auditable; a registry-only blob is not.
4. Ignore download counts as a trust signal. The ranking manipulation research proved popularity can be bought or botted.
5. Scope tightly: workspace install first, no --global, and run the agent with the least credentials that still let the skill function.
6. Watch outbound traffic on first run if the skill touches anything sensitive.

Which Skills Are Actually Worth Installing?

After the noise filters out, the genuinely useful ClawHub catalog clusters into five categories: messaging automation (Telegram, Discord, WhatsApp workflows), research and summarization pipelines, dev tooling (deploy helpers, log watchers, repo chores), home and personal ops (calendars, reminders, shopping lists), and business back-office bundles like the ones we covered in our OpenClaw business kits guide.

Directory entries worth a look if you are exploring the ecosystem from the Claude side: OpenClaw Skill (the bridge skill pattern), OpenClaw Admin (agent administration tooling), and openclaw-mcp (an MCP server that exposes OpenClaw functions to any MCP client).

Does ClawHub Work with Claude Code?

Not natively, but the overlap is bigger than you would expect. Both ecosystems standardized on the SKILL.md convention, so a text-only ClawHub skill (a prompt workflow, a checklist, a writing style guide) usually drops straight into ~/.claude/skills/ and works. Skills that call OpenClaw's plugin API, rely on its messaging integrations, or assume a long-running daemon do not port without rework.

If you are deciding between the runtimes themselves rather than the registries, our OpenClaw vs NanoClaw vs Claude Code comparison breaks down which agent framework fits which use case, and the NanoClaw vs OpenClaw piece covers the security-first fork that emerged partly in response to the ClawHub incidents above.

Verdict: Should You Use ClawHub?

Yes, with your eyes open. ClawHub is the largest, fastest-moving skill registry in the agent ecosystem and the default way to extend OpenClaw. The community produces genuinely creative capabilities weekly. But its open-publish model means you are the last line of defense: read every SKILL.md, distrust download counts, install workspace-scoped, and never hand a freshly installed skill production credentials.

Treat it the way a senior engineer treats npm: indispensable, and never blindly trusted.

Frequently Asked Questions

Last updated: June 11, 2026 · Skiln tracks OpenClaw, ClawHub, and MCP ecosystem releases daily across 13 source registries.