Section 11: ClawHub and GitHub - Finding Skills Safely
Most users discover skills from two places:
- ClawHub (the marketplace experience)
- GitHub (source repositories)
Both are useful. Neither should be treated as automatically safe.
The goal is not paranoia. The goal is clean judgment.
Start with ClawHub for discoverability
ClawHub is usually the fastest path to discover, install, and maintain skills without manually copying files around.
Install command:
🖥️ Type this in your terminal:
npx clawhub@latest install [skill-name]
Update command:
🖥️ Type this in your terminal:
npx clawhub@latest update [skill-name]
That gives you a repeatable workflow: browse → install → test → update.
::: beginner "Installable" does not mean "approved by security experts." It means "published and available." You still need basic verification. :::
The typosquatting trap (realistic examples)
Typosquatting is when someone publishes a malicious package with a name that looks almost identical to a trusted one.
For example, imagine you intend to install:
weather
But you accidentally install:
weahter
Or you intend:
openclaw-memory
But install:
openclaw-memorry
Those one-letter differences are easy to miss when you're moving fast.
Why this works on people:
- Your brain autocorrects familiar words.
- You focus on task completion, not character-by-character spelling.
- Attackers intentionally pick names that "look right at a glance."
::: warning Before pressing enter, re-read the exact skill name character by character. This one habit prevents a surprising number of compromise attempts. :::
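An added example, not part of ClawHub or this guide's original text: a small Node.js check that compares a skill name against your own approved list and flags near-misses (swapped, missing, doubled or substituted letters) before you install. The approved list, the function names and the distance thresholds are assumptions made for illustration.

```javascript
// Constructed sample: your own approved list of skill names.
const APPROVED = ["weather", "openclaw-memory"];

// Optimal string alignment distance: one edit per inserted, deleted,
// substituted, or adjacent-swapped character.
function editDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push(new Array(b.length + 1).fill(0));
    d[i][0] = i;
  }
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      const swapped = i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1];
      if (swapped) d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
    }
  }
  return d[a.length][b.length];
}

// Classify a requested name as "approved", "lookalike" (close to an
// approved name but not equal to it), or "unknown" (needs full review).
function checkSkillName(requested, approved = APPROVED) {
  const name = requested.trim().toLowerCase();
  if (approved.includes(name)) return { verdict: "approved", name };
  let closest = null;
  for (const known of approved) {
    // Short names get a tighter threshold to limit false alarms.
    const limit = known.length <= 4 ? 1 : 2;
    const distance = editDistance(name, known);
    if (distance <= limit && (closest === null || distance < closest.distance)) {
      closest = { name: known, distance };
    }
  }
  if (closest === null) return { verdict: "unknown", name };
  return { verdict: "lookalike", name, closest: closest.name, distance: closest.distance };
}

// Demo over constructed inputs, including the misspellings shown above.
for (const n of ["weather", "weahter", "openclaw-memorry", "analytics-helper"]) {
  console.log(n, "->", JSON.stringify(checkSkillName(n)));
}
```

A "lookalike" verdict means stop and re-read the name; "unknown" means the skill is simply not on your list yet and still needs the normal review.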
A safe install checklist (30 seconds)
Before installing any third-party skill, ask:
- Is the name exactly right? (watch for swapped/missing/doubled letters)
- Who published it? (is this a known or verified source?)
- Is the README clear? (what it does, how it works, what it touches)
- Does the access it requests match its purpose?
- Did it pass automated scanning (if available)?
If two or more answers are weak, skip it.
GitHub as a source: useful, but review first
GitHub is where many great skills live early on. It's also where low-quality or risky repos appear first.
Green flags on GitHub:
- Clear README with examples and limitations
- Meaningful commit history over time
- Issues/discussions that show maintainer responsiveness
- Changelog or release notes
Red flags on GitHub:
- No README or vague "just run this script" instructions
- Brand-new repo with copied text and no history
- Obfuscated scripts or encoded blobs with no explanation
- Instructions asking for root/admin execution "for convenience"
- Requests for credentials unrelated to the claimed feature
::: tip If a skill claims to "help with reminders" but asks for broad file-system access and network tunneling, that mismatch is your answer: do not install. :::
What to do when you're unsure
You don't need to be a security engineer to stay safe. Use this practical fallback:
- Pause the install
- Ask your assistant to summarize the repository behavior in plain language
- Ask specifically: "What files/scripts run during setup and what permissions are implied?"
- Install only if the explanation is coherent and narrow
Unclear behavior is a valid reason to walk away.
Updating safely (not blindly)
Updates can fix bugs and security issues, but they can also introduce behavior changes.
Use a light process:
- Check what changed (release notes/commits)
- Update
- Test one or two normal workflows
- Roll back or disable if behavior drifts
Update command reminder:
🖥️ Type this in your terminal:
npx clawhub@latest update [skill-name]
Version pinning vs latest (simple rule)
For most non-technical users:
- Use latest for low-risk utility skills
- Be more cautious for skills tied to critical workflows (billing, outbound messaging, automation with side effects)
If a skill is mission-critical, avoid same-day updates right before a high-stakes task.
Example: safe adoption flow in real life
Let's say you want a new analytics helper skill.
Safe flow:
- Find a candidate on ClawHub
- Confirm exact spelling and publisher identity
- Read README and verify requested access is sensible
- Install using the standard command
- Test in a low-risk context
- Keep notes on behavior and any surprises
- Update later only after reading changes
This takes a few extra minutes up front and can save hours of cleanup later.
::: action Create your own "approved list" of skills you trust. Default to that list. Add new skills only when they solve a clear problem. :::
Bottom line
ClawHub and GitHub are excellent resources when used with a security mindset.
You don't need to fear them. You just need to avoid autopilot.