GUIDE 05 All Levels 18 pages Free
We reviewed 50+ ClawHub skills for security, performance, and real-world value. Here are the 10 worth installing — and exactly how to verify any skill before you run it.
Why We Audited These Skills
Security researchers found that 26% of ClawHub skills contain vulnerabilities — including data exfiltration, excessive permissions, and in some cases, malicious code. We reviewed 50+ skills so you can install with confidence. Every skill on this list has been manually reviewed for security, permissions, and real-world usefulness.
Found a skill you want audited? Post it in the community and we'll review it together.
Get help from real practitioners doing this every day.
Join Free CH 1 The 10 Audited Skills
Click any skill to see the full audit details, permissions, and install command.
1 web-search Research Safe
Real-time web search using multiple search engines. The most essential skill for any OpenClaw setup. Actively maintained, minimal permissions.
2 read-url Research Safe
Fetches and parses webpage content. Works with web-search to let your agent read full articles, documentation, and web pages.
3 file-manager Productivity Safe (sandboxed)
Read, write, and organize files in your designated workspace directory. Sandboxed to your openclaw workspace by default.
4 code-runner Development Review carefully
Executes Python, JavaScript, and shell scripts. Powerful but requires careful permission configuration. Disable shell access unless you specifically need it.
5 email-draft Communication Safe (draft only)
Drafts emails and saves them to a drafts folder. Does NOT send emails automatically — requires your explicit send action. Excellent for email workflows.
6 calendar-read Productivity Safe (read-only)
Reads your calendar to help with scheduling and time-aware tasks. Read-only — cannot create or modify events.
7 summarize Research Safe
Condenses long documents, articles, and transcripts into structured summaries. No external network calls — pure LLM processing.
8 notion-sync Productivity Safe
Read and write to Notion pages and databases. Requires your Notion API key. Well-maintained with proper OAuth scoping.
9 image-describe Vision Safe
Analyzes images and generates descriptions. Useful for processing screenshots, photos, and visual content in your workflows.
10 markdown-export Productivity Safe
Converts agent outputs to formatted Markdown, PDF, or HTML documents. No external calls — pure local processing.
Which skill has been most useful for you? Share your workflow in the community.
Get help from real practitioners doing this every day.
Join Free CH 2 How to Audit Any Skill Yourself
SKILL.md exists and clearly explains what the skill does Permissions match the stated functionality (no over-permissions) Source code reviewed — no suspicious external calls No hardcoded credentials or suspicious URLs in code Skill has been updated within the last 3 months Issues are being responded to by maintainer Test run completed — behavior matches expectations Network connections during test match stated permissions Skill sandboxing enabled in openclaw.json Download All Formats — Free
PDF guide, audit checklist, and skill comparison table
You've completed all 5 guides!
Join the community to go deeper
Weekly Q&A, peer feedback, and early access to new guides.
Join Free on Skool
Ask the AI anything about OpenClaw →