What ClawHub offers
ClawHub is to OpenClaw what an app store is to your phone. Community developers and vendors publish skills — pre-built capabilities that teach your agent new tricks. Over 50 integrations are available, covering productivity tools, communication platforms, developer utilities, and smart home devices.
Skills range from simple (post to Slack when a file changes) to sophisticated (monitor your email, categorise messages, draft replies, and flag anything urgent). Each skill is a self-contained module you can install, configure, and modify.
Security and trust
ClawHub's open publishing model has been exploited at scale. In the "ClawHavoc" campaign of early 2026, researchers found 341 malicious skills across the marketplace — around 12% of all listings at the time. 335 of those delivered Atomic Stealer (AMOS), a macOS malware that harvests credentials, browser passwords, and cryptocurrency wallets. Attackers disguised malicious skills as popular tools (crypto trackers, YouTube utilities, Google Workspace integrations), and one spoofed skill racked up over 7,700 downloads before removal.
The attack was made worse by prompt injection — malicious instructions embedded in skill code that manipulate the AI agent's behaviour. Because OpenClaw has access to private data and can communicate externally, poisoned skills can lie dormant and activate later when conditions align — a form of time-shifted prompt injection that's difficult to catch through code review alone. A separate analysis found 7.1% of all ClawHub skills exposed API keys and credentials in plaintext.
ClawHub introduced VirusTotal scanning in response, which catches known malware signatures but won't detect novel prompt injection payloads or obfuscated scripts. Treat every ClawHub skill as untrusted code. Review the source, stick to verified publishers with active maintenance, and never grant broad system access to skills you haven't audited.
Building custom skills
If ClawHub doesn't have what you need, OpenClaw can write its own extensions — or you can build custom skills and publish them for your team. This makes it practical to create internal automation tools that are reusable across projects.