skill-hub
OpenClaw skill discovery, security vetting & install. Searches 3000+ curated skills from ClawHub registry and awesome-openclaw-skills catalog. Scores credibility, detects prompt injection & malicious patterns, manages installations. Quick-checks GitHub for new skills.
Why use this skill?
Unified management for OpenClaw skills. Discover thousands of curated tools, scan for security threats, and keep your AI agent ecosystem safe and updated.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/phenixstar/skill-hubWhat This Skill Does
Skill Hub acts as the central command center for all OpenClaw extensibility. It bridges the gap between raw code repositories and a production-ready AI agent environment. By managing a database of over 3,000 curated skills, it provides discovery, security vetting, and seamless installation. The primary value proposition lies in its multi-layered security engine, which analyzes both code-level threats (like shell injection or malicious network calls) and prompt-level attacks (like role hijacking or social engineering), ensuring that the skills integrated into your agent are not only functional but also secure.
Installation
To begin managing your AI agent's ecosystem, install the Skill Hub directly via the ClawHub registry:
npx clawhub@latest install openclaw/skills/skills/phenixstar/skill-hub
Once installed, ensure your local registry is synced to the latest GitHub awesome-openclaw-skills catalog by running:
python3 scripts/skill-hub-sync.py
Use Cases
- Security-First Development: Developers building production AI agents can use the vetting suite to scan dependencies for prompt injection vulnerabilities before deploying to end-users.
- Discovery & Onboarding: Easily find tools for niche tasks—such as specific API integrations or complex data analysis scripts—by filtering the catalog by category or high credibility scores.
- Maintenance & Monitoring: Use the status dashboard to track your agent’s capabilities, identify unvetted components, and quickly update or rotate skills to maintain peak performance and security posture.
Example Prompts
- "Search for the best available DevOps-related skills that have a credibility score above 80 and show me their installation commands."
- "Scan all currently installed skills for security vulnerabilities, specifically looking for any attempts at environment variable harvesting or unauthorized network access."
- "Is there a new skill on the registry that can handle calendar scheduling? Please run a quick check for updates and provide a recommendation based on popularity."
Tips & Limitations
- Leverage Credibility Scores: Always prioritize skills in the 'Trusted' tier (85-100) for production environments.
- Regular Vetting: Run
python3 scripts/skill-hub-vet.py --all-installedweekly, as new security patterns are constantly identified in the evolving AI landscape. - Limitations: The quick-check tool relies on the
ghCLI; ensure you are authenticated with GitHub to avoid rate limiting during large catalog syncs. While the security scanner is robust, it acts as an additional layer of defense and should not replace manual code review for critical infrastructure skills.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-phenixstar-skill-hub": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-read, code-execution