← Cheatsheet

Skill Explorer & Builder

Browse verified bundled skills, learn to safely vet community skills, and generate custom SKILL.md files for your own skills.

🟢 These are first-party bundled skills
All skills below ship with OpenClaw and are maintained by @steipete (Peter Steinberger, OpenClaw creator) and the core team. Source code is in the openclaw/openclaw repo. Zero external code risk — they're part of the install.
🦞 Pixeyo Curated Skills — Written from scratch, 100% safe
8 original skills built by Pixeyo to fill the most common gaps. No code from ClawHub — every line is original. Read-only where possible. No external dependencies beyond standard CLI tools. Download all (.zip) →
⚠️ Warning: Every Skill You Enable Costs Tokens on EVERY Call
OpenClaw injects all enabled skills into the system prompt on every API call — even when they're not relevant to the task. With 20 custom skills, you're burning ~32,000 extra tokens per message, adding $30–100/month to your API bill for nothing.
Before installing skills, read: How to Load Skills On Demand → — Two approaches to reduce skill token costs by up to 89%.
  • Keep skills.allowBundled to 3–5 essential skills, not all 53
  • Archive custom skills you don't need on every call
  • Use on-demand loading patterns for specialist skills
No skills match your search.
ℹ️ Bundled skills auto-load if their CLI dependency is installed
They don't need separate installation. Use openclaw skills list --eligible to see which are active. To restrict which bundled skills load, use skills.allowBundled in your config. Full docs →
🛡️ ClawHub + VirusTotal Partnership (Feb 7, 2026)
All skills on ClawHub are now scanned via VirusTotal threat intelligence + Code Insight (Gemini-powered behavioral analysis). SHA-256 hash verification on upload. Malicious skills blocked instantly. Suspicious skills get warning labels. Daily re-scans of all active skills.

Important: VirusTotal scanning is one layer — not a guarantee. Prompt injection and subtle tool poisoning may evade detection. Always review skill source code yourself.
Official announcement →
⚠️ ClawHavoc Incident — Feb 2026
Koi Security found 341 actively malicious skills on ClawHub. Later audits pushed the total past 1,100. Skills contained keyloggers, Atomic macOS Stealer, backdoors, and credential exfiltration. ClawHub removed 2,419 suspicious skills. The registry has since recovered and added scanning — but remains a target.
VirusTotal deep dive →

✅ Vetting Checklist — Before Installing Any Community Skill

  1. 1. Start with bundled skills. They ship with OpenClaw and cover most needs. Run openclaw skills list. Zero external code risk.
  2. 2. Run skill-vetter first. It's bundled. Analyzes any ClawHub skill for security red flags before you install.
  3. 3. Check VirusTotal scan on ClawHub. Every skill page shows scan status. Look for the green "benign" badge. If flagged — do not install.
  4. 4. Check the author. @steipete = first-party. Known authors with multiple maintained skills = lower risk. Anonymous + 1 skill = red flag.
  5. 5. Check stars + version count. 10+ versions and 100+ stars = community-vetted over time. 1 version / 0 stars = extreme caution.
  6. 6. Inspect before installing. Run clawhub inspect <skill-name> to view SKILL.md without installing. Check tools used, env vars required, permissions claimed.
  7. 7. Scan source for red flags. See checklist below. Look for obfuscated code, external downloads, excessive permissions, hidden instructions.
  8. 8. Use sandbox mode. Set sandbox: "all" in your config when testing untrusted skills.

🚩 Red Flags in Skill Source Code

curl | bash or wget | sh — Downloads and executes remote code. Reject immediately.
base64 -d or atob() — Obfuscated payloads. Legitimate skills never hide their code.
eval() on external input — Arbitrary code execution vector.
Zero-width Unicode — Invisible characters can contain hidden prompt injection instructions.
Access to ~/.ssh, ~/.aws, ~/.openclaw/credentials — Unless explicitly needed, this is credential theft.
Outbound HTTP to unknown domains — Check what the skill phones home to. Legit skills document their endpoints.
chmod 777 or sudo — No skill should need root access or world-writable permissions.
"ignore previous instructions" or "do not tell the user" — Classic prompt injection. Report and avoid.
🌐 Browse ClawHub Safely
clawhub.ai — Official registry with VirusTotal scan badges per skill
awesome-openclaw-skills — Curated community list (2,868 skills, filtered from 5,705)
trust.openclaw.ai — OpenClaw security program & threat model
🛠️ Build your own skill — the safest option
Custom skills you write yourself are the most secure. You control every line. No supply-chain risk. Drop a SKILL.md in your workspace and OpenClaw picks it up.

📝 Skill Metadata

📦 Requirements

📄 Instructions

📄 SKILL.md

--- name: my-skill description: "Description of what this skill does." --- # my-skill ## What This Skill Does Describe what the skill does, what tools it provides, and how the agent should use it. ## Usage Explain how to invoke, what parameters it accepts, and what output to expect.

📂 Where to put it

Save as SKILL.md inside a folder:
Workspace skill (highest priority): ~/.openclaw/workspace/skills/my-skill/SKILL.md
Managed skill: ~/.openclaw/skills/my-skill/SKILL.md
OpenClaw picks it up on next session. Verify with openclaw skills list.

✨ Workspace Wizard · ⚙️ Config Builder · 📖 Cheatsheet · 🌐 ClawHub · 🛡️ Security

Built by Pixeyo · Not affiliated with OpenClaw · Data from docs.openclaw.ai & GitHub

☕ Support · ← Back to Cheatsheet