Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
clawtime
Install, configure, start, and troubleshoot ClawTime — a private self-hosted webchat UI for OpenClaw with passkey (Face ID) auth, Piper TTS voice, and 3D avatar. Requires Cloudflare tunnel for HTTPS (passkeys need a real domain). Use when the user wants to install ClawTime on a new machine, configure the tunnel, register a passkey, set up TTS, start/stop the server, or diagnose errors. Triggered by requests like "install clawtime", "set up clawtime", "start clawtime", "clawtime isn't working", "register passkey", "device auth issue".
mayguard
A security auditor for agent skills. Scans skill directories for malicious patterns (credential theft, suspicious network calls, destructive commands) and provides a safety score. Use before installing unknown skills.
astrai-inference-router
Route all LLM calls through Astrai for 40%+ cost savings with intelligent routing and privacy controls
skill-audit-guardian
Audit dropped ClawHub skill ZIPs, classify risk (SAFE/CAUTION/REMOVE), auto-sort files, and generate a plain-English security dashboard.
cpa-codex-auth-sweep-cliproxy
通过 CLI Proxy Management API 拉取 Codex 认证文件并高并发探活扫描。适用于「扫号」「清死号」「清理 Codex 401」场景;仅在用户明确确认后可删除 401。执行前必须提供 base_url 与 management_key。安全限制:默认仅允许 https://chatgpt.com 作为 probe 主机,非白名单目标需显式危险确认。
claw-security-scanner
Imported from https://github.com/openclaw/skills.
agent-security-auditor
Imported from https://github.com/openclaw/skills.
molthreats
Agent-native security signal feed by PromptIntel. Use this skill whenever the agent needs to report threats, fetch protection feeds, apply security rules, or update SHIELD.md. Trigger on any mention of: threat reporting, security feed, MCP threats, malicious skills, prompt injection reports, IOCs, indicators of compromise, agent security, PromptIntel, MoltThreats, SHIELD.md, or SHIELD.md updates. Also trigger when the agent detects suspicious behavior during normal operation (unexpected tool calls, credential access attempts, unknown MCP servers, exfiltration patterns).
arc-sentinel
Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.
private-web-search-searchxng
Self-hosted private web search using SearXNG. Use when privacy is important, external APIs are blocked, you need search without tracking, or want to avoid paid search APIs.
azure-entra-id-auditor
Audit Microsoft Entra ID for over-privileged roles, dangerous access patterns, and identity security gaps
openpond-cli
Use the OpenPond CLI to create repos, watch deployments, and run tools without the web UI.
clawguard
Security scanner for OpenClaw/Clawdbot skills - detect malicious patterns before installation
xinqing-journal
心情日记 — 智能情绪追踪器,通过自然语言记录中文日记、自动识别7种情绪、 1-10分评分、智能标签提取,生成日/周/月报告和趋势分析。 数据纯本地JSON存储,零网络请求,保护隐私。
openclaw-security-monitor
Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments
kitchenowl-cli
Use kitchenowl-cli from terminal with pipx install, auth, and core read/write commands for KitchenOwl.
fosmvvm-swiftui-app-setup
Set up the @main App struct for FOSMVVM SwiftUI apps. Configures MVVMEnvironment, deployment URLs, and test infrastructure.
ralph-ultra
Deep-dive security audit with 1,000 iterations (~4-8 hours). Use when user says 'deep security audit', 'ralph ultra', 'compliance audit prep', 'thorough security review', 'before major release', or 'security incident investigation'. Covers OWASP deep dive, supply chain, compliance, business logic, 4 expert personas.
immigration
Immigration process guidance and application organization with strict privacy boundaries. Use when user mentions moving to another country, visa applications, work permits, residency, citizenship, or immigration documents. Helps with pathway analysis, document checklists, deadline tracking, and interview preparation. NEVER provides legal advice or immigration law interpretations.
openproject-by-altf1be
OpenProject CRUD skill — manage work packages, projects, time entries, comments, attachments, statuses, and more via OpenProject API v3 with API token auth. Supports cloud and self-hosted instances.
ssl-certificate-monitor
Monitor SSL certificates for expiration, security issues, and compliance across domains and subdomains.
ms365-tenant-manager
Microsoft 365 tenant administration for Global Administrators. Automate M365 tenant setup, Office 365 admin tasks, Azure AD user management, Exchange Online configuration, Teams administration, and security policies. Generate PowerShell scripts for bulk operations, Conditional Access policies, license management, and compliance reporting. Use for M365 tenant manager, Office 365 admin, Azure AD users, Global Administrator, tenant configuration, or Microsoft 365 automation.
grand-bazaar-swap
Perform and document Grand Bazaar P2P swaps on Base using deployed AirSwap Swap contracts. Includes repeatable workflows for approvals, EIP-712 signing, cast/deeplink posting, execution, and verification across ERC20/ERC721/ERC1155 routes.
megaeth-developer
End-to-end MegaETH development playbook (Feb 2026). Covers wallet operations, token swaps (Kyber Network), eth_sendRawTransactionSync (EIP-7966) for instant receipts, JSON-RPC batching, real-time mini-block subscriptions, storage-aware contract patterns (Solady RedBlackTreeLib), MegaEVM gas model, WebSocket keepalive, bridging from Ethereum, and debugging with mega-evme. Use when building on MegaETH, managing wallets, sending transactions, or deploying contracts.