Skip to content
nacre.sh
All posts
Security

How ClawHub Vets Skills: The Security Process Explained

nacre.sh TeamMay 5, 20267 min read

How does ClawHub vet OpenClaw skills before publication? Learn the code review, signing process, and Verified badge criteria after the ClawHavoc incident.

clawhub skill vettingopenclaw skill securityclawhub verified skillsclawhub security

Since the ClawHavoc incident in early 2026, ClawHub's skill vetting process has been completely overhauled. Here's exactly how skills get reviewed and what the Verified badge means.

The Pre-ClawHavoc Problem

Before the incident, ClawHub operated on a model similar to npm or PyPI: anyone could publish, and community reviews and download counts indicated quality. There was no mandatory code review. This allowed 341 malicious skills to accumulate over three months undetected.

The New Vetting Process

Step 1: Automated Static Analysis Every submitted skill runs through an automated security scanner that checks for:

  • Network calls to non-allowlisted domains
  • File system access outside expected skill directories
  • System command execution patterns
  • Cryptographic operations (potential key exfiltration)
  • Known malicious code patterns

Skills failing automated checks are flagged for manual review or rejected.

Step 2: Human Code Review Skills passing automated review are reviewed by ClawHub's security team (or trained community volunteers for the Community Verified tier). Reviewers check:

  • What the skill claims to do vs. what the code actually does
  • Permission requests and whether they're justified
  • Data handling practices
  • Third-party dependencies (supply chain)

Step 3: Cryptographic Signing Approved skills are signed with ClawHub's private key. When users install a skill, OpenClaw verifies the signature. Tampered or unofficial skills fail signature verification.

Step 4: Ongoing Monitoring Published skills are periodically re-reviewed. Community security reports are investigated within 24 hours.

Badge Tiers

BadgeMeaning
🔒 ClawHub VerifiedFull code review + cryptographic signature
🌐 Community VerifiedCommunity contributor review + signature
⚠️ UnverifiedAutomated scan only; use with caution

nacre.sh installs only Verified or Community Verified skills by default. Users can enable Unverified skills explicitly.

How to Submit a Skill

  1. Publish to GitHub (public repository)
  2. Submit via clawhub submit CLI or the ClawHub web portal
  3. Complete the security questionnaire
  4. Automated scan runs within 2 hours
  5. Human review within 3-5 business days

Frequently Asked Questions

Can I submit a skill that makes network calls?

Yes, but you must declare all network endpoints in the skill manifest. Undeclared network calls are an automatic rejection reason.

How often are verified skills re-reviewed?

ClawHub targets annual re-review for all verified skills, with earlier review triggered by dependency updates or community security reports.

What happens if a previously verified skill is found to be malicious?

The skill is immediately removed, signature is revoked, and users with the skill installed receive an alert to uninstall.

nacre.sh

Run OpenClaw without the server headaches

Dedicated instance, automatic TLS, nightly backups, and 290+ LLM integrations. Live in under 90 seconds from $12/month.

Deploy your agent →

Related posts

SecurityOpenClaw Firewall Configuration for SecurityConfigure a proper firewall for your self-hosted OpenClaw deployment. UFW rules, Docker network isolation, and outbound restrictions explained.7 min readSecuritySecuring openclaw.json: Configuration File Best PracticesBest practices for securing your OpenClaw configuration file. Permissions, secrets management, version control safety, and encryption options.6 min readSecurityOpenClaw and AI Regulations: China, EU, and Global RulesWhat AI regulations affect OpenClaw users in 2026? China's AI assistant rules, EU AI Act, US executive orders, and what they mean for self-hosted AI agents.8 min read