Best ClawHub Skills: A Complete Guide

ClawHub (clawhub.ai) is the skill registry for OpenClaw, and the number of skills there has grown faster than most people expected. As of early 2026, the registry hosts thousands of community-built skills and the catalog keeps expanding. The real challenge is not finding skills. It is figuring out which ones are actually worth your time.

In this article, I'll walk you through the skills that show up repeatedly in community recommendations, have strong download numbers, and solve real problems. I also cover how to install and manage your skill stack, what to watch out for on the security side, and how to avoid the mistakes that catch most new users off guard.

Before diving in, a quick note on naming: you may see the registry referred to as "ClawdHub" in some older documentation and community threads. That spelling dates back to when the project was still called Clawdbot. The official name is now ClawHub, and that is what we will use throughout.

What Is OpenClaw?

OpenClaw is an open-source, self-hosted AI agent that runs locally on your machine. Austrian developer Peter Steinberger first released it in late 2025 under the name Clawdbot. After trademark disputes with Anthropic, it briefly became Moltbot before settling on OpenClaw in January 2026. 

The project amassed over 200,000 GitHub stars in a short period, making it one of the fastest-growing open-source repositories in recent memory. In February 2026, Steinberger announced that he was joining OpenAI to work on the next generation of personal agents, while OpenClaw itself moved into an independent open-source foundation so it could remain community-driven.

OpenClaw runs as a background daemon on your computer and connects to messaging platforms including WhatsApp, Telegram, Slack, Discord, Signal, and iMessage. When you send a message through any of these apps, the agent receives it, interprets it, and acts on it. That action could mean running a shell command, reading a file, browsing the web, managing email, or interacting with an external API.

The agent is model-agnostic. You can run it with Claude, GPT, Gemini, DeepSeek, or local models through Ollama. All data stays on your machine unless you explicitly send it somewhere. If you are new to OpenClaw, our OpenClaw tutorial covers the full setup process from scratch.

What Is ClawHub?

ClawHub is the skill marketplace for OpenClaw. Think of it as npm for AI agents. Anyone with a GitHub account at least a week old can publish skills. Anyone can install them. The registry uses vector-based semantic search powered by OpenAI embeddings, so you can find relevant skills using natural language queries rather than needing to know exact package names.

ClawHub's skill registry, organized by category. Image by Author.

Skills are not plugins or compiled binaries. Each skill is a directory containing a SKILL.md file with YAML frontmatter and markdown instructions. The frontmatter declares the skill's name, description, required binaries, and environment variables. The markdown body contains the natural language instructions the agent follows when it determines that skill is relevant.

The two-part structure of every ClawHub skill follows. Image by Author.

OpenClaw loads skills efficiently. At the start of each session, it snapshots a compact list of eligible skills into the system prompt. Full instructions are only loaded when the agent decides a skill matches the current task. This means you can have dozens of skills installed without significantly increasing token overhead on routine conversations.

Skills sit in a three-tier hierarchy. Workspace-level skills take priority, followed by managed skills in ~/.openclaw/skills/, and then the bundled skills that ship with OpenClaw itself. The bundled set includes around 50 official skills maintained by the core team, covering essentials like github, gog, summarize, obsidian, weather, and sonoscli.

Top ClawHub Skills by Category

ClawHub officially breaks skills into 11 categories: AI/ML, Utility, Development, Productivity, Web, Science, Media, Social, Finance, Location, and Business.

 I grouped them differently here, by what you would actually use them for day to day.

Every skill in this list is a real entry on ClawHub, picked based on download numbers, community feedback, and verified descriptions from the awesome-openclaw-skills repository. You can install any of them with:

clawhub install <skill-slug>

Search and research skills

A default OpenClaw install knows nothing about what happened yesterday. These skills fix that by giving the agent access to live information: the web, scientific databases, and structured content on demand.

• tavily-web-search is the most widely installed search skill on ClawHub. It connects to the Tavily API, which is optimized for AI agents rather than human browsers. The results come back in a structured format the agent can reason over directly.
• arxiv-watcher is useful for anyone tracking research. You tell it which topics or authors to watch, and it surfaces relevant new papers from ArXiv, which saves you from manually checking the feed every morning.
• google-search uses Google's Custom Search Engine API. Unlike general browsing, it returns clean, structured results. A good fallback when Tavily does not cover a specific domain.
• pubmed-edirect queries PubMed for peer-reviewed biomedical literature. Essential for anyone working in healthcare, life sciences, or academic research where preprint sources are not sufficient.
• exa-web-search-free runs free AI-powered web search via Exa. Useful for lower-stakes queries where you do not want to burn API credits on a paid service.
• brightdata wraps Bright Data's API for web scraping. Handles dynamic pages, pagination, and anti-bot measures that simpler fetch tools cannot.
• web-scraper-as-a-service builds client-ready web scrapers with clean data output. Works well for recurring tasks where you need the same structured data from a site on a schedule.

Coding and developer workflow skills

If you spend most of your day in a terminal or an IDE, this category is probably where you will spend the most time picking skills.

• github is one of the most downloaded skills on ClawHub. It wraps the GitHub gh CLI and lets the agent manage issues, pull requests, branches, and repository workflows directly from a chat message.
• coding-agent runs common coding tools (OpenAI Codex, Claude Code, and others) through a single unified skill. Useful when you want to delegate a coding task without switching environments.
• cursor-agent provides a full interface to the Cursor CLI. If Cursor is your primary IDE, this skill lets OpenClaw interact with your coding environment programmatically.
• debug-pro implements a structured debugging methodology that guides the agent through systematic isolation and resolution steps, which saves you from the back-and-forth of unguided trial and error across multiple languages.
• cc-godmode orchestrates multi-agent software work. When a task is too large for a single agent pass, this skill manages coordination between agents, tracks progress, and synthesizes results.
• buildlog records and exports coding sessions as shareable logs. Useful for documentation, retrospectives, or onboarding teammates on how a feature was built.
• test-runner writes and runs tests across languages, handling scaffolding, execution, and result interpretation in one pass.

Data and analytics skills

Most people underestimate how much data work you can hand off to OpenClaw once the right skills are installed. The best ones here wrap fast command-line tools rather than loading raw data into the model's context window, which keeps things fast and avoids token bloat.

• duckdb is the standout here. It runs fast analytics on CSV, Parquet, and JSON files using the DuckDB CLI, which saves you from spinning up a Jupyter kernel every time you need a quick filter or aggregation on a large file.
• faahim/csv-toolkit wraps Miller, csvkit, and xsv for text-data processing. It handles row analytics with xsv count, column statistics with csvstat, and complex multi-condition filtering with Miller's DSL. For large files, it uses index-based slicing to avoid memory exhaustion.
• senior-data-scientist covers the full data science workflow from exploration through modeling. It is a good starting point before layering in more specific tools.
• senior-data-engineer focuses on building ETL and ELT pipelines using tools like Spark, Airflow, dbt, and Kafka. Useful for anyone managing data infrastructure rather than doing ad hoc analysis.
• data-analyst covers SQL queries, spreadsheet analysis, and chart generation. It is more accessible than the data engineer skill and produces decision-ready reports as output.
• hugging-face-datasets manages dataset creation and querying on Hugging Face using DuckDB as the underlying engine. Useful for ML teams versioning and transforming training data without a separate pipeline.

DevOps and cloud skills

DevOps skills are where the power and the risk both peak. They are genuinely useful if you are comfortable with the underlying tools, and genuinely risky if you are not. The agent has shell access, so always verify what one of these skills is about to do before confirming it.

• docker-essentials builds, tags, and runs containers using production-ready Docker workflows. The agent handles syntax and sequencing so you can describe what you want in plain language.
• k8-multicluster manages multiple Kubernetes clusters and handles context switching safely. Useful for teams running workloads across dev, staging, and production environments.
• aws-infra guides AWS infrastructure work using the CLI and established best practices.
• hetzner controls Hetzner Cloud resources using the hcloud CLI. A practical choice for self-hosters and small teams running VPS workloads on a budget.
• nginx-config-creator generates reverse proxy configurations for Nginx and OpenResty deployments, which saves you from hunting down the exact directive syntax every time you set up a new service.

Productivity and knowledge management skills

This is usually the first category people reach for, and for good reason. These skills connect OpenClaw to the tools most people already use every day: email, notes, documents, and calendars.

• gog is the most downloaded skill in this category. It wraps the Google Workspace CLI and covers Gmail, Google Calendar, Drive, Docs, and Sheets. You can ask the agent to summarize yesterday's emails, check tomorrow's schedule, or find a file in Drive without leaving your chat interface.
• summarize handles URL summaries, PDF digestion, audio transcriptions, and document condensation. One of the bundled official skills, which means it is maintained by the core team and reliably updated.
• obsidian connects your local Obsidian vault. The agent can read and write notes, search across your knowledge base, and link content without you switching windows.
• notion gives the agent read and write access to Notion pages and databases via the Notion API. Create pages, update properties, and query databases through natural language.
• logseq does for Logseq what the Obsidian skill does for Obsidian. If you use graph-based note-taking, this skill keeps your agent in sync with your thinking.
• memory-hygiene cleans and optimizes OpenClaw's own vector memory on demand, which saves you from the gradual drift that happens when the agent carries months of stale or contradictory context into every new session.

Communication and messaging skills

Giving an agent access to your messaging accounts is a meaningful step. These skills are useful, but take a few minutes to understand what permissions each one requires before connecting it to anything live.

• agent-mail provides a dedicated email inbox for AI agents and handles inbound triage and reply drafting, which saves you from routing agent-related messages through your personal inbox.
• mailchannels sends email through MailChannels and handles signed ingestion flows. A practical choice for transactional email from agent workflows.
• discord-voice enables real-time voice conversations inside Discord voice channels. The agent joins a channel, listens, and responds via synthesized speech.
• whatsapp-styling-guide enforces consistent formatting rules on the agent's WhatsApp messages. Useful when you are connecting OpenClaw to a business WhatsApp number where message quality matters.
• clawsignal adds real-time agent messaging for alerts and coordination. Designed for scenarios where you want the agent to proactively reach out when something needs attention.

Security and governance skills

I would not skip this category. OpenClaw has root-level access to your system, and every skill you install inherits that access. These skills exist to give you visibility and control over what your agent is actually doing.

• agentguard adds monitoring and guardrails to reduce risky agent behavior, which saves you from discovering after the fact that the agent took an action you never intended to allow.
• prompt-guard defends against prompt injection, where malicious content in an external source tries to hijack the agent's behavior.
• clawscan scans skill bundles for red flags before installation. Think of it as a lightweight code review for skills you are about to trust with your machine.
• skill-scanner goes deeper, scanning installed skills and MCP servers for spyware-like behavior and unusual network activity.
• skills-audit runs a policy audit across all installed skills, useful for teams or anyone who wants a periodic review of accumulated permissions.
• config-guardian validates configuration changes before they take effect, preventing the agent from making updates to sensitive files in ways that could break your setup.

Most Downloaded ClawHub Skills

Download counts give a useful signal about community trust, though they are not a perfect proxy for quality. The numbers below reflect the ClawHub marketplace rankings at the time of writing and may have changed since publication.

Most downloaded ClawHub skills at time of writing. Image by Author.

Here are the most-downloaded skills on ClawHub right now:

• capability-evolver: An AI self-evolution engine that allows agents to autonomously review their own session logs and improve their behavior over time. Currently the most downloaded skill on the platform.
• wacli: A Swiss-army CLI tool for agent automation that covers a wide range of utility tasks.
• byterover: A multi-purpose task handler for utility and development workflows.
• self-improving-agent: A self-improving agent framework that learns from prior interactions to refine its responses.
• gog: Google Workspace CLI integration for Gmail, Calendar, Drive, Docs, and Sheets.
• agent-browser: Browser automation that lets the agent navigate the web, fill forms, and extract data from dynamic pages.
• summarize: One of the official bundled skills. Summarizes URLs, PDFs, documents, and audio.
• github: Full GitHub CLI integration.
• sonoscli: Controls Sonos speakers including playback, volume, and room grouping.
• weather: Fetches real-time weather conditions and forecasts for any location.

If you are setting up OpenClaw for the first time, this list is a reasonable starting point. These skills are widely adopted and battle-tested across many different setups, which means common bugs and edge cases are more likely to have already been caught. Skills that handle everyday tasks like email, search, and version control tend to stay installed permanently, while more specific integrations can be added as the need comes up.

How to Install and Manage ClawHub Skills

The ClawHub CLI handles search, installation, and updates. It is the main tool you will use to manage your skill stack, and it takes a few minutes to get set up. Start by installing it globally with npm:

npm i -g clawhub

Then authenticate with your GitHub account:

clawhub login

If you run into a "Missing state. Run the CLI again to start a fresh login." error here, you are not alone. The browser-based OAuth flow has a known bug that affects some setups. The workaround is to sign into the ClawHub website directly, generate a personal API token from your account settings, and then run:

clawhub login --token <your-token>

This bypasses the OAuth flow entirely and works reliably while the underlying issue is being fixed.

The commands below are the ones you will use most often once you are up and running:

# Search for skills by natural language query
clawhub search "calendar management"

# Install a skill
clawhub install <skill-slug>

# List installed skills
clawhub list

# Update all installed skills
clawhub update --all

# Remove a skill
clawhub remove <skill-slug>

Installing a ClawHub skill from the terminal. Image by Author.

By default, skills install into a ./skills folder in your current working directory. A lockfile at .clawhub/lock.json tracks versions. To pin a specific version:

clawhub install <skill-slug> --version 1.2.0

There is a second way to install skills that some users prefer. If you paste a GitHub repository link directly into the OpenClaw chat, the agent will handle the installation automatically. This is convenient, but it skips the review step, so it is better suited for skills you have already vetted.

After installing new skills, restart your OpenClaw session. Skills are snapshotted at session start, so additions during an active session will not take effect until you start a new one.

Security Considerations for ClawHub Skills

Before you install anything, it is worth understanding what happened to the ClawHub registry in early 2026. 

A coordinated attack campaign known as ClawHavoc distributed hundreds of malicious skills through ClawHub. Security researchers at Koi Security found that a significant number of skills on the registry were malicious, many using typosquatted names designed to look like legitimate tools (for example, clawhubb instead of clawhub). 

The malicious skills contained hidden scripts that established reverse shells and quietly exfiltrated SSH keys, API tokens, and browser session cookies.

The ClawHavoc incident unfolded over three weeks. Image by Author.

OpenClaw has since partnered with VirusTotal to improve the situation. Every skill published to ClawHub now gets a SHA-256 hash that is checked against VirusTotal's database. If no match exists, the full skill ZIP is uploaded for analysis using Google's Gemini-powered Code Insight tool. Skills flagged as suspicious show a warning; those flagged as malicious are blocked from the registry. This is a meaningful improvement, but it is not foolproof. Prompt injection payloads and novel attack techniques can still slip through static analysis.

Always read the SKILL.md file before installing. Look for suspicious prerequisite installation steps, obfuscated code, or base64-encoded commands. Use clawscan or skill-scanner as a first pass before trusting any new skill. And if you are running OpenClaw on a machine with sensitive credentials, use a sandboxed workspace root that limits what directories the agent can access.

Final thing: Skills run with the same permissions as the agent itself. If the agent has access to your .env files, your SSH keys, and your browser sessions, then so does every skill you install.

How to Choose the Right ClawHub Skills

You might be tempted to install many skills and see what sticks. That approach tends to backfire, and if you have done it before with browser extensions or VS Code plugins, you already know how it ends. Each installed skill adds context overhead, and more importantly, overlapping skills can confuse the agent about which one to use.

A better approach is to start with the most downloaded skills to do what you need. From there, add skills one at a time as a specific need comes up.

Most users run between 10 and 15 skills for everyday use. Teams running complex workflows may run more, but even these teams tend to isolate skills into dedicated workspaces rather than piling everything into one agent.

A solid starter stack covers most of what developers and knowledge workers need: gog for Google Workspace, github for version control, summarize for digesting content, and capability-evolver for self-improvement. Add obsidian or notion, depending on where you keep your notes.

When evaluating any new skill, check whether the required binaries and environment variables are already on your system. Skills with unmet dependencies silently fail to load, which can be confusing. The clawhub list command shows which skills are active, and the OpenClaw logs show why others were skipped.

Common Mistakes When Using ClawHub Skills

Installing without reviewing the source is the most common issue. The registry is open, which means anyone can publish. The security section above covers what to look for in detail, but the short version is: read the SKILL.md before you install.

Some other issues are:

• Not restarting after installation is a quiet failure mode, and it trips up new users more than almost anything else. As mentioned in the installation section, the session snapshot is taken at startup, so a skill added mid-session will not be active until you start a fresh one.

• Using multi-line YAML in the metadata field causes parse errors. If a skill you installed is not appearing, check the SKILL.md frontmatter for this.

• Putting secrets in SKILL.md instead of openclaw.json is a security mistake. The SKILL.md file is often shared publicly. API keys and credentials belong in the config file.

• Skill sprawl without documentation is the slow-burn problem. After a few months of installing skills reactively, you can end up with dozens you have not touched in weeks. A periodic audit with skills-audit keeps things clean and reduces the security surface area.

• Over-automation without guardrails compounds as the agent becomes more capable. An agent with browser access, email access, and shell access that receives a malicious prompt injection can do significant damage. agentguard and similar monitoring tools exist for this reason.

Conclusion

ClawHub is what gives OpenClaw most of its range. Without it, the agent is a capable general-purpose assistant with a decent set of bundled tools. With it, you can extend it into almost any workflow you care about.

The skills in this guide are a starting point, not an exhaustive list. My advice is to start with the most downloaded ones in the categories that match your actual work, read each SKILL.md before installing, and build your stack one skill at a time. 

If you’re serious about this workflow, our Building Custom OpenClaw Skills tutorial covers how to write and publish your own. For broader context on what OpenClaw can do, our OpenClaw projects Guide walks through nine real workflows worth building.

To learn more about AI agents and developer tools, check out our Guide to the best free AI tools. For hands-on agent development skills, our AI-Assisted Coding for Developers course is a good next step.