How to Build ClawHub Skills
Quick Answer: A ClawHub skill is a SKILL.md file plus optional supporting files that extend OpenClaw's capabilities. To build one: create a SKILL.md with metadata and agent instructions, add supporting scripts if needed, test locally in your OpenClaw instance, then publish with clawhub publish. ClawHub uses vector-based semantic search for discovery, so write clear descriptions. There are 10,700+ skills on ClawHub, but 824 were found malicious — follow security best practices to build trust.
This developer guide covers skill anatomy, step-by-step creation, testing, publishing, monetization options, and security requirements.
What is a ClawHub Skill?
Skills are pre-built automation packages that extend what OpenClaw can do. They are installed via clawhub install and become part of the agent's toolkit.
SKILL.md (Required)
The core of every skill. A plain markdown file that defines the skill's name, description, version, author, instructions the agent follows, required permissions, and any configuration parameters. This is what OpenClaw reads to understand what the skill does.
Supporting Scripts (Optional)
Helper scripts in JavaScript, Python, or shell that the skill can invoke. These handle complex logic like API integrations, data transformations, or multi-step workflows that are easier to code than describe in markdown.
Templates (Optional)
Prompt templates, report templates, or configuration templates that the skill uses. These provide consistent formatting for outputs like emails, reports, or structured data.
Metadata (Required in SKILL.md)
Structured metadata in SKILL.md including skill name, version, author, description, tags, required permissions, compatibility info, and dependencies. This is what ClawHub indexes for search and discovery.
SKILL.md Anatomy: Example Template
Here is a complete SKILL.md example for a Slack message routing skill. This template shows every section your SKILL.md should include.
# Slack Message Router ## Metadata - **Name:** slack-message-router - **Version:** 1.0.0 - **Author:** your-clawhub-username - **Description:** Routes incoming Slack messages to appropriate channels based on content analysis - **Tags:** slack, messaging, routing, automation - **License:** MIT - **Repository:** https://github.com/username/slack-message-router ## Required Permissions - network:read (Slack API access) - network:write (send messages to channels) ## Configuration - SLACK_BOT_TOKEN: Your Slack bot token (from environment) - ROUTING_RULES: JSON file with channel routing rules ## Instructions When a user asks you to route Slack messages: 1. Read the routing rules from ./config/routing-rules.json 2. Connect to Slack using the bot token from environment 3. Analyze incoming message content for keywords and intent 4. Match against routing rules to determine target channel 5. Forward the message to the appropriate channel 6. Log the routing decision for audit purposes ## Error Handling - If Slack API is unreachable, retry 3 times with exponential backoff - If no routing rule matches, send to the #general channel - Log all errors to ./logs/routing-errors.log
Creating Your First Skill
From empty directory to published skill in five steps. Each step includes the exact commands and structure you need.
Step 1: Set Up Your Skill Directory
Create a new directory for your skill. The directory name becomes the skill's identifier on ClawHub. Use lowercase with hyphens (e.g., 'slack-message-router').
- mkdir slack-message-router && cd slack-message-router
- Create SKILL.md as the primary file
- Add a README.md for GitHub documentation
- Create a /scripts directory for supporting code (if needed)
Step 2: Write Your SKILL.md
The SKILL.md file is the heart of your skill. Define metadata at the top, then write clear instructions that tell the agent how to use the skill.
- Start with metadata: name, version, author, description, tags
- Define required permissions (e.g., network:read, filesystem:write)
- Write step-by-step instructions the agent follows
- Include example inputs and expected outputs
- Document configuration parameters the user can customize
Step 3: Add Supporting Files
If your skill needs code beyond what SKILL.md instructions cover, add supporting scripts. Keep them minimal, readable, and well-documented.
- Scripts should be in a /scripts subdirectory
- Use clear function names and inline comments
- Never include API keys or credentials in code
- Pin all dependency versions for reproducibility
- Include error handling for all external API calls
Step 4: Test Locally
Install your skill into your local OpenClaw instance and test it thoroughly before publishing. Verify all instructions work, permissions are sufficient, and error handling is solid.
- Copy skill directory to your OpenClaw skills folder
- Run OpenClaw and test the skill with various inputs
- Verify error handling for API failures, timeouts, bad input
- Test with minimum permissions to ensure you are not requesting too much
- Have someone else test without your context (fresh perspective)
Step 5: Publish to ClawHub
Use the ClawHub CLI to publish your tested skill. You will need a ClawHub account and the skill will go through basic automated checks before listing.
- Create a ClawHub account at clawhub.ai if you do not have one
- Run: clawhub publish from your skill directory
- Automated checks verify SKILL.md structure and metadata
- VirusTotal scan runs on all files for malware detection
- Skill goes live after checks pass (usually within minutes)
Testing Your Skill Locally
Never publish a skill without thorough local testing. Here is a comprehensive testing checklist.
- Install into a local OpenClaw instance by copying to the skills directory
- Test with the exact permissions defined in SKILL.md — do not grant extra permissions
- Send 10+ different inputs including edge cases, empty inputs, and malformed data
- Test error scenarios: API down, invalid credentials, network timeout, rate limits
- Verify the skill does not access files or directories outside its declared scope
- Monitor network traffic to confirm only declared domains are contacted
- Run in a Docker container with restricted access to simulate production environment
- Have a colleague test with no prior knowledge of the skill (fresh perspective test)
- Check that all configuration parameters work with custom values
- Verify the skill works with the minimum supported OpenClaw version
Publishing to ClawHub
ClawHub hosts 10,700+ skills. Here is how to get yours published and discoverable. ClawHub uses vector-based semantic search, so your metadata matters.
Optimize for Semantic Search
ClawHub uses vector-based semantic search, not keyword matching. Write a clear, descriptive skill name and description that explains what your skill does in natural language. Include use cases and outcomes, not just technical specifications.
Complete Your Metadata
Fill in every metadata field in SKILL.md: name, version, author, description, tags, license, repository link, required permissions, and compatibility info. Incomplete metadata reduces discoverability and trust.
Run clawhub publish
From your skill directory, run 'clawhub publish'. The CLI validates your SKILL.md structure, checks metadata completeness, and submits your skill. Automated VirusTotal scanning checks all files for malware before listing.
Pass Automated Security Checks
ClawHub runs VirusTotal scanning on all submitted files. Skills with obfuscated code, encoded payloads, or suspicious network patterns may be flagged for manual review. Clean, readable code passes immediately.
Monetization Options
ClawHub supports multiple monetization models. Choose the one that fits your skill's value proposition and your business goals.
Free (Open Source)
Most common model. Free skills get the most installs and build your reputation. Many developers use free skills as portfolio pieces or lead magnets for paid services.
Advantages
- Maximum discoverability and installs
- Builds community reputation
- Can link to paid consulting or support
- No revenue share to ClawHub
One-Time Purchase
Charge a one-time fee for your skill. Best for complex, high-value skills that provide immediate ROI. Prices typically range from $5 to $50.
Advantages
- Simple pricing users understand
- Immediate revenue per sale
- No recurring billing complexity
- Good for utility skills with clear value
Subscription
Monthly or annual subscription for skills that require ongoing maintenance, API access, or continuous updates. Best for skills connected to external services.
Advantages
- Recurring revenue stream
- Funds ongoing development
- Aligns with skills needing maintenance
- Higher lifetime value per customer
Security Best Practices
With 824 malicious skills found on ClawHub, security is the number one concern for users evaluating skills. Following these practices builds trust and gets your skill more installs.
No Credentials in Code
Never hardcode API keys, tokens, passwords, or any credentials in SKILL.md or supporting files. Use environment variables or OpenClaw's credential store. This is the most common security mistake in ClawHub skills.
Minimum Permissions
Request only the permissions your skill actually needs. A Slack messaging skill does not need filesystem write access. A reporting skill does not need terminal execute permission. Every unnecessary permission is a red flag for users evaluating your skill.
Public Source Repository
Link to a public GitHub or GitLab repository where users can review every line of code. Skills without public source repositories are significantly less trusted and less installed. Transparency builds trust.
No Obfuscated Code
Never use minified, obfuscated, or base64-encoded code in your skills. All code should be human-readable. Obfuscated code is the primary marker used by security researchers to identify the 824 malicious skills found on ClawHub.
Disclose All Network Calls
Document every external domain your skill connects to. Users and security reviewers need to know exactly where data is being sent. Undisclosed network calls to unknown domains are a data exfiltration indicator.
Isolated Testing
Test your skill in an isolated Docker container with no real credentials before publishing. This protects you during development and demonstrates to users that you follow security best practices.
Maximizing Discoverability on ClawHub
ClawHub's vector-based semantic search means your skill's description is critical. Here is how to rank higher in search results.
- Write a skill description that explains outcomes, not just features ('Routes Slack messages automatically' beats 'Slack API integration')
- Include 5-10 specific tags that cover both broad categories and specific use cases
- Add use case examples in your SKILL.md — these get indexed for semantic search
- Keep your skill updated — recently updated skills rank higher in search results
- Build a track record: more installs, positive ratings, and community activity boost ranking
- Link to a well-documented GitHub repo — ClawHub favors skills with public source code
- Respond to user issues and questions — active maintainers get a verified badge faster
- Cross-promote on social media, forums, and the OpenClaw community Discord
Frequently Asked Questions
Your Competitors Are Already Automating. Are You?
Every week we send one automation that saves 10+ hours of manual work — the same playbooks our clients use to run their businesses on autopilot. Miss a week, miss the edge.
Get the Automation Playbook (Free)
One deploy-ready automation every week. Same strategies our clients pay thousands for. 400+ business owners already inside.
Need it done for you?
Book a Free Strategy Call See what we've built for real businesses →