OpenClaw and Skill Sharing
Navigate ClawHub, evaluate community extensions safely, and share your own skills — plus how it compares to Cowork plugins.
Premium Course Content
This lesson is part of a premium course. Upgrade to Pro to unlock all premium courses and content.
- Access all premium courses
- 1000+ AI skill templates included
- New content added weekly
The Cowork ecosystem isn’t just Anthropic’s official plugins. There’s a much larger world of community-built skills — and it comes with both opportunities and real risks.
🔄 Quick Recall: In the MCP lesson, you learned that plugins connect to external tools via MCP servers. Those MCP connections are one of the things you need to verify when evaluating community extensions.
The Landscape: Three Sources
You can get Cowork skills and plugins from three places:
| Source | Quality | Security | Size |
|---|---|---|---|
| Anthropic Official (knowledge-work-plugins) | High | Verified | 15 plugins, 85+ skills |
| OpenClaw / ClawHub | Varies | Unverified — vet carefully | 3,000+ extensions |
| Build Your Own | Your call | You control it | Unlimited |
Anthropic’s official plugins are safe and well-built. Start here.
ClawHub (OpenClaw’s marketplace) has volume — thousands of community extensions. But it also has problems. Serious ones.
The ClawHub Security Reality
This needs to be said plainly: ClawHub has security issues.
In early 2026, security researchers found:
- 800+ malicious skills on ClawHub (roughly 20% of the ecosystem at the time)
- Typosquatting attacks — skills named almost identically to popular ones, with malicious code
- A critical vulnerability (CVE-2026-25253) that allowed remote code execution
- 30,000+ exposed instances running without proper authentication
The core problem: AI skills get system-level execution privileges. A malicious npm package can mess up your code. A malicious AI skill can read your files, access your tools through MCP connections, and execute actions on your computer.
This doesn’t mean you should avoid ClawHub entirely. It means you need to vet what you install.
✅ Quick Check: Why are malicious AI skills more dangerous than malicious npm packages? (AI skills get system-level execution privileges — they can access files and external tools, not just run code.)
How to Evaluate Community Skills Safely
Step 1: Check the author. Who published this? Do they have a reputation? A GitHub profile with real projects? Or is this an anonymous account created yesterday?
Step 2: Read the source code. This is the huge advantage of file-based skills — they’re markdown. You can literally read them. Open the SKILL.md and check:
- What does it instruct Claude to do?
- Does the behavior match the description?
- Are there suspicious instructions (exfiltrate data, make external calls)?
Step 3: Check the MCP connections. Look at .mcp.json. What external services does it connect to? A “Writing Assistant” plugin that wants access to your Gmail and file system is a red flag.
Step 4: Test in a sandbox. Create a test folder with non-sensitive files. Install the plugin. Run it against test data. Check what it actually does before pointing it at real work.
This takes 10 minutes per plugin. It’s worth it.
Our Skill Library as an Alternative
There’s another option for finding ready-to-use skills: our skill library.
Over 1,000 skills across categories — productivity, writing, coding, data analysis, creative work. Each one is:
- Vetted — reviewed before publishing
- One-click copy — paste directly into Cowork or download as a SKILL.md
- Universal — works with Claude, ChatGPT, Gemini, and other AI assistants
Not all of these are Cowork-specific plugins, but many work beautifully as skills you drop into your .claude/skills/ directory.
Sharing Your Own Skills
Built something useful? Three ways to share it:
1. Compressed File (Simplest)
Zip your plugin directory and send it to a colleague:
zip -r my-plugin.zip .claude/skills/my-skill/
They unzip it into their .claude/skills/ directory. Done.
2. GitHub Repository (Best for Teams)
Push your plugin to a GitHub repo. Anyone can clone it, and when you push updates, their version updates automatically if they installed via Git.
This is how Anthropic distributes their official plugins — and how most teams share internally.
3. Admin Provisioning (Enterprise)
On Team and Enterprise plans, admins can:
- Push plugins to specific teams automatically (auto-install)
- Restrict visibility so each team only sees relevant plugins
- Create a private plugin marketplace for the organization
This is the cleanest option for large organizations. New hires get the right plugins from day one.
Cowork Plugins vs OpenClaw
People ask this a lot. Here’s the honest comparison:
| Cowork Plugins | OpenClaw | |
|---|---|---|
| Architecture | Runs in isolated VM (sandboxed) | Runs on your machine directly |
| Security model | Anthropic-reviewed, confirmation gates | Community-driven, no mandatory review |
| Marketplace | Small, curated (15 official) | Large (3,000+), unvetted |
| Best for | Enterprise, security-conscious teams | Developers, experimenters |
| Plugin format | Markdown-based, file-based | Also file-based, similar structure |
| AI model | Claude only | Multiple models |
| Price | Included with Claude paid plans | Open source (free) |
They’re not really competitors — they serve different audiences. If you’re in a corporate environment handling sensitive data, Cowork’s sandboxed approach is the safer choice. If you’re a developer who wants maximum flexibility, OpenClaw gives you more control.
✅ Quick Check: What are the three ways to share a plugin? (Zip file, GitHub repo, admin provisioning.)
Key Takeaways
- Three skill sources: Anthropic official (safe), ClawHub (vet carefully), build your own
- ClawHub has real security risks — 800+ malicious skills were found
- Evaluate community skills by: checking the author, reading the source, verifying MCP connections, testing in a sandbox
- Share plugins via zip files, GitHub repos, or enterprise admin provisioning
- Cowork’s sandbox model is safer; OpenClaw offers more flexibility
- Our skill library has 1,000+ vetted skills you can use directly
Up Next
You know the ecosystem. Next lesson puts it all together: building multi-skill workflows that chain operations for end-to-end automation. This is where the real productivity gains happen.