Files
Peter Steinberger f7d7148cf0 docs: rewrite published docs grounded in current source (#100142)
Source-grounded rewrite of 529 published docs pages with per-unit information-loss verification: 1,713 factual corrections cited to src/**, generated surfaces regenerated, frontmatter titles preserved for i18n, release notes pages untouched. All docs gates green.

Closes #100141
2026-07-05 00:32:47 -04:00

3.5 KiB

summary, read_when, title
summary read_when title
ClawHub CLI entry points for discovering, installing, publishing, and verifying OpenClaw skills and plugins.
You want to use ClawHub from the command line
You want to install ClawHub skills or plugins through OpenClaw
You want to publish ClawHub packages
ClawHub CLI

ClawHub CLI

Two command-line surfaces talk to ClawHub:

  • openclaw skills / openclaw plugins - discover, install, and update packages for a local OpenClaw agent or Gateway.
  • The standalone clawhub CLI - publisher workflows: login, publish, sync, and transfer.

Discover and install

openclaw skills search "calendar"
openclaw skills install @owner/<slug>
openclaw skills install @owner/<slug> --version <version> --global
openclaw skills update @owner/<slug>
openclaw skills update --all --acknowledge-clawhub-risk
openclaw skills verify @owner/<slug> --card

openclaw plugins search "calendar"
openclaw plugins install clawhub:<package>
openclaw plugins install clawhub:<package> --acknowledge-clawhub-risk
openclaw plugins update <id-or-npm-spec>
openclaw plugins update --all

Skill installs target the active workspace skills/ directory by default; add --global for the shared managed skills directory. Plugin installs need the explicit clawhub: prefix to force ClawHub resolution over npm, git, or a local path. Full flag reference: openclaw skills and openclaw plugins.

Release trust

OpenClaw checks a release's ClawHub trust state before downloading it, for both skills and plugins. Versioned releases use exact-release trust metadata; resolver-backed GitHub skills go through ClawHub's install resolver, which enforces scan and force-install policy before returning a pinned commit.

  • Malicious or blocked releases are refused outright.
  • Risky releases (non-clean scan, non-blocking moderation state) print a warning and require --acknowledge-clawhub-risk to continue non-interactively.
  • Official ClawHub publishers/packages and bundled OpenClaw sources skip the trust prompt and security-verdict fetch entirely.

Publish and maintain

Install the standalone CLI once, then log in:

npm i -g clawhub
clawhub login

Publish a plugin package (folder path, GitHub repo owner/repo[@ref], or tarball URL) with clawhub package publish:

clawhub package publish ./my-plugin --dry-run
clawhub package publish ./my-plugin
clawhub package publish your-org/your-plugin@v1.0.0

Publish a skill folder with clawhub skill publish:

clawhub skill publish ./skills/review-helper
clawhub skill publish ./skills/review-helper --version 1.0.0 --owner your-org

Other maintenance commands:

clawhub sync --all                                          # scan local skills, publish new/updated ones
clawhub package transfer @old-owner/package --to new-owner   # move a plugin package to another publisher
clawhub skill rename old-slug new-slug                       # rename a published skill, redirect the old slug
clawhub explore --sort trending                              # browse the registry, sorted by trending