ClawHub is OpenClaw’s official skills marketplace, hosting 52,700+ tools for 180,000 registered users with 12 million total downloads to date. The top trending skill, “Self-Improving Agent” by pskoett, has 417,900 downloads alone. A “Skill Vetter” security skill with 227,500 downloads checks for red flags before installing skills from any source. Other popular entries include GitHub integration (168,900 downloads), Google Workspace (166,200), Weather (143,400), and Multi Search Engine (133,000), showing the breadth of use cases the platform now covers.
The supply chain risk is real. Skills can execute code through OpenClaw’s gateway connected to WhatsApp, Slack, and 20+ platforms, making a malicious skill an attack vector for your entire digital life. Any skill that passes basic review gains access to your messages, files, and connected accounts. This is a familiar pattern from early npm, PyPI, and Chrome Web Store days, where convenience outpaced security review.
The VoltAgent/awesome-openclaw-skills project exists as a community-run curated trust layer because the official marketplace lacks sufficient quality control. Community curation has become the de facto security boundary for the platform. Users who install only from the curated list trade breadth for safety, while those who browse ClawHub directly accept meaningful risk with every new installation. Until OpenClaw implements stricter review processes, verified publisher badges, and sandboxed execution, the marketplace will remain a high-reward, high-risk environment for agent skill distribution.
Citation
@misc{kabui2026,
author = {{Kabui, Charles}},
title = {ClawHub and the {Agentic} {Skills} {Marketplace} {Supply}
{Chain}},
date = {2026-05-02},
url = {https://toknow.ai/posts/clawhub-agentic-skills-marketplace-supply-chain/},
langid = {en-GB}
}
