Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
skillguard
Security scanner for ClawHub skills. Vet third-party skills before installation — detect dangerous patterns, suspicious code, and risky dependencies.
openclaw-warden-pro
Full workspace security suite: detect unauthorized modifications, scan for prompt injection patterns, and automatically respond with countermeasures — snapshot restore, skill quarantine, git rollback, and automated protection sweeps. The complete post-installation security layer for agent workspaces.
robotx
Use the robotx CLI to deploy, manage versions, and check status for RobotX applications.
cloudflare
Manage Cloudflare Workers, KV, D1, R2, and secrets using the Wrangler CLI. Use when deploying workers, managing databases, storing objects, or configuring Cloudflare resources. Covers worker deployment, KV namespaces, D1 SQL databases, R2 object storage, secrets management, and tailing logs.
insecure-defaults
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
alicloud-security-cloudfw
Manage Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK. Use whenever the user requests firewall policy/resource operations, change management, status checks, or troubleshooting Cloud Firewall API workflows.
rose-docker-build
Build the ROSE compiler in a Docker container using autotools or CMake. Use when setting up ROSE development environment, building ROSE from source, or troubleshooting ROSE build issues. ROSE requires GCC 7-10 which most modern hosts don't have, so Docker is the recommended approach.
volcengine-compute-function
Build and operate Volcengine Function Compute workloads. Use when users need function deployment, event triggers, runtime configuration, or serverless troubleshooting.
alicloud-security-id-verification-cloudauth
Manage Alibaba Cloud ID Verification (Cloudauth) via OpenAPI/SDK. Use whenever the user is working on identity-verification resource operations, config updates, status checks, or troubleshooting Cloudauth API workflows.
openclaw-docker-setup
Install and configure a fully operational Dockerized OpenClaw instance on macOS from scratch. Includes browser pairing, Discord channel setup, and optional Gmail/Google Drive integration. Use when user asks to "install openclaw docker", "set up dockerized openclaw", "openclaw in docker", or "isolated openclaw instance".
alicloud-compute-ecs
Manage Alibaba Cloud Elastic Compute Service (ECS) via OpenAPI/SDK. Use for listing or creating instances, starting/stopping/rebooting, managing disks/snapshots/images/security groups/key pairs/ENIs, querying status, and troubleshooting workflows for this product.
alicloud-security-center-sas
Manage Alibaba Cloud Security Center (Sas) via OpenAPI/SDK. Use whenever the user needs Security Center resource operations, configuration updates, status queries, and troubleshooting Sas API or security workflow issues.
rose-container-tools
Build and run ROSE compiler tools using ROSE installed in a Docker container. Use when developing source-to-source translators, call graph analyzers, AST processors, or any tool that links against librose.so. Triggers on "ROSE tool", "callgraph", "AST traversal", "source-to-source", "build with ROSE", "librose".
volcengine-security-kms
Key lifecycle management with Volcengine KMS. Use when users need key creation, rotation policies, encryption/decryption workflows, or key permission troubleshooting.
alicloud-security-kms
Manage Alibaba Cloud Key Management Service (KMS) via OpenAPI/SDK. Use whenever the user needs key lifecycle/resource operations, policy/configuration changes, status inspection, or troubleshooting KMS API workflows.
alicloud-compute-fc-serverless-devs
Alibaba Cloud Function Compute (FC 3.0) skill for installing and using Serverless Devs to create, deploy, invoke, and remove a Python function. Use when users need CLI-based FC quick start or Serverless Devs setup guidance.
remix-api-key-auth
Configure and verify bearer API key authentication for Remix agent publishing workflows.
cisco-asa-syslog
Parse, interpret, and analyze Cisco ASA (Adaptive Security Appliance) firewall syslog messages. Use this skill whenever working with Cisco ASA log files, syslog streams from ASA devices, firewall event analysis, or security investigations involving ASA-generated events. Covers the syslog protocol foundation and the ASA-specific message format with message ID categorization.
solidity-guardian
Smart contract security analysis skill. Detect vulnerabilities, suggest fixes, generate audit reports. Supports Hardhat/Foundry projects. Uses pattern matching + best practices from Trail of Bits, OpenZeppelin, and Consensys.
quickintel-scan
Scan any token for security risks, honeypots, and scams using Quick Intel's contract analysis API. Use when: checking if a token is safe to buy, detecting honeypots, analyzing contract ownership and permissions, finding hidden mint/blacklist functions, or evaluating token risk before trading. Triggers: 'is this token safe', 'scan token', 'check for honeypot', 'audit contract', 'rug pull check', 'token security', 'safe to buy', 'scam check'. Supports 63 chains including Base, Ethereum, Solana, Sui, Tron. Costs $0.03 USDC per scan via x402 payment protocol. Requires an x402-compatible wallet — recommended: managed wallet service (Sponge, AgentWallet) with no raw key exposure. Programmatic signing with dedicated hot wallet also supported. This skill is read-only and never accesses your tokens or assets.
slither-audit
Run slither static analysis on Solidity contracts. Fast, lightweight security scanner for EVM smart contracts.
epistemic-guide
Helps users examine the logical foundations of their beliefs through Socratic questioning when they make potentially dubious claims. Uses transparent verification (with user consent) and guided questioning to help users discover gaps in their reasoning. Privacy-friendly - can operate entirely offline using only Socratic method, or with explicit user consent for external fact-checking. Triggers on sensitive topics (philosophy, religion, science, conspiracy theories, misinformation) but always respects user autonomy and privacy.
devops-bridge
Unified developer operations bridge connecting GitHub, CI/CD (GitHub Actions), Slack, Discord, and issue trackers (Linear, Jira, GitHub Issues) into cross-tool automated workflows. Sends context-rich CI failure notifications to Slack with failing test details, tracks PR review lifecycle with escalating reminders, generates daily dev standup summaries, syncs issue status when PRs are merged, detects flaky tests, and monitors repository health. Use this skill for: PR review reminders, CI build alerts, "what happened in my repos", "any failing builds", "who needs a review", dev team standup summary, deploy notifications, repository monitoring, connecting GitHub to Slack, linking PRs to Jira/Linear tickets, code review tracking, merge conflict alerts, or any request to bridge development tools together. If the user mentions GitHub AND Slack (or any two dev tools) together, this skill connects them.
portainer
Control Docker containers and stacks via Portainer API. List containers, start/stop/restart, view logs, and redeploy stacks from git.