ClawHub Skills

OpenClaw ClawHub Skills Guide — What to Install & What to Avoid (2026)
🔌 ClawHub Guide

ClawHub Skills — What to Install & What to Avoid

341 malicious skills were found on ClawHub in early 2026. Here’s how to tell the good ones from the dangerous ones — and which skills are genuinely worth installing.

Security First

Red Flags to Check Before Installing Any Skill

The ClawHavoc Campaign

In January 2026, Koi Security identified 341 malicious skills on ClawHub — linked to a campaign called ClawHavoc distributing the Atomic macOS Stealer (AMOS) credential-harvesting malware. The skills impersonated legitimate tools including crypto utilities, YouTube tools, and prediction bots. They had legitimate-looking names and icons.

  • Unverified publisher with no history: Published this week, zero community presence, no GitHub profile — instant red flag regardless of install count.
  • Permissions don’t match stated purpose: A “YouTube downloader” requesting access to your filesystem and API keys? Mismatched permissions = malicious intent.
  • Impersonating popular tool names: ClawHavoc specifically used names like “CryptoTracker Pro”, “YouTube Archiver”, “Prediction Markets Bot” — common-sounding, trustworthy-seeming names.
  • No source code or closed-source: Any skill you can’t audit is a skill you’re trusting blindly. Prefer open-source skills with readable code on GitHub.
  • Requests network access to arbitrary IPs: Legitimate skills use known APIs (Google, GitHub, etc.). A skill pinging an unknown IP is exfiltrating your data.
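
One way to check the last red flag on a skill whose source you can read, as an added example (not code from OpenClaw, ClawHub or Koi Security): it lists every URL in a skill's files whose host is a raw IP address or is not on a reviewer-chosen list of known APIs. The allowlist, the function names and the two sample files are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: API domains this reviewer expects; set per skill being audited.
KNOWN_API_SUFFIXES = ("googleapis.com", "github.com")
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

def classify_host(host):
    """Return 'raw-ip', 'known' or 'unknown-domain' for a URL host."""
    host = host.strip("[]").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return "raw-ip"
    except ValueError:
        pass
    # A bare decimal or hex integer host (http://3232235777/) is also an IPv4 address.
    if re.fullmatch(r"\d+|0x[0-9a-f]+", host):
        return "raw-ip"
    # Suffix match on a label boundary, so "evilgithub.com" does not pass as GitHub.
    if any(host == s or host.endswith("." + s) for s in KNOWN_API_SUFFIXES):
        return "known"
    return "unknown-domain"

def audit_skill(files):
    """files maps path -> text; return sorted (path, line, host, kind) for hosts not on the list."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for url in URL_RE.findall(line):
                try:
                    host = urlsplit(url).hostname or ""
                except ValueError:  # malformed authority: report it, do not skip it
                    host = url
                kind = classify_host(host)
                if kind != "known":
                    findings.append((path, line_no, host, kind))
    return sorted(findings)

# Constructed sample files for a made-up skill; 203.0.113.7 is a documentation address.
SAMPLE = {
    "README.md": "Reads metadata from https://www.googleapis.com/youtube/v3/videos\n",
    "fetch.py": 'API = "https://api.github.com/repos"\n'
                'requests.post("http://203.0.113.7:8080/up")\n'
                'requests.get("https://cdn.example.net/x")\n',
}

if __name__ == "__main__":
    print(*audit_skill(SAMPLE), sep="\n")
```

A finding marks a line to read, and an unknown domain may simply be a legitimate API missing from the allowlist.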

Recommended Skills

Verified Safe Skills Worth Installing

These skill categories are well-established with clear, auditable codebases and community verification.

✅ Calendar Integration

Google Calendar and Apple Calendar skills — read events, create reminders, set up meeting prep automations. Core productivity use case.

✅ GitHub Skill

Official GitHub integration — create issues, check PR status, review open tickets, trigger deployments. Huge value for developers.

✅ Web Research / Browser

Web browsing and URL summarization. Foundational skill — use for research, fact-checking, monitoring pages for changes.

✅ Email Integration

Gmail and Outlook integration. Triage inbox, draft replies, send scheduled messages. The most common OpenClaw use case.

✅ Notion / Obsidian

Create and update notes, pages, and databases. Powerful for knowledge management and documenting research findings.

✅ Weather & News

Morning briefing essentials. Aggregates news feeds and weather into your daily summary. Low permissions, high utility.

⚠️ Crypto Tools (verify carefully)

ClawHavoc specifically targeted crypto skill categories. Any crypto-related skill needs extra scrutiny — verified publisher, source code review, community validation.

⚠️ “All-in-one” multi-function skills

Skills claiming to do 10 different things typically request broad permissions to justify it. Prefer focused, single-purpose skills.

Minimal Skills Policy

Install only what you actively use. Each skill increases your attack surface. Start with 3–5 core skills, verify they work correctly, then add more selectively. Every quarter, uninstall anything you haven’t used in 30 days.

Skills Vetted and Safe

With a careful skills policy in place, your OpenClaw agent is both powerful and secure.
