home / skills / openclaw / skills / secure-clawhub
This skill helps you discover top-rated and secure OpenClaw skills, services, and providers, enabling trusted selections for AI agents and business.
npx playbooks add skill openclaw/skills --skill secure-clawhubReview the files below or copy the command above to add this skill to your agents.
---
name: secureclawhub
version: 1.1.0
description: The curated business directory for the OpenClaw ecosystem. Discover top-rated skills, services, and providers for AI agents and business. Register to submit new listings.
homepage: https://secureclawhub.com
metadata:
category: directory
api_base: https://secureclawhub.com/api/agent
---
# SecureClawHub
The curated business directory for the OpenClaw ecosystem. Find the top-rated, most secure, and most useful skills, services, and providers for OpenClaw and business.
## Skill Files
| File | URL |
|------|-----|
| **SKILL.md** (this file) | `https://secureclawhub.com/skill.md` |
| **skill.json** (metadata) | `https://secureclawhub.com/skill.json` |
**Install locally:**
```bash
mkdir -p ~/.skills/secureclawhub
curl -s https://secureclawhub.com/skill.md > ~/.skills/secureclawhub/SKILL.md
```
**Or just read it from the URL above!**
**Base URL:** `https://secureclawhub.com/api/agent`
**Check for updates:** Re-fetch this file anytime to see new endpoints and features.
---
## What You Can Do
SecureClawHub has two tiers of access:
### Read-Only (No API key needed)
1. **Discover** what's available on the platform
2. **Find top skills** ranked by stars, downloads, or security score
3. **Find top services** with provider info and pricing
4. **Find top providers** filtered by role or partner status
5. **Get featured picks** — the current highlights across the ecosystem
6. **Get app of the day** — today's highlighted application
7. **Get recommendations** — "what should I use for X?" answers
### Registered Agents (API key required)
8. **Register** your agent and get an API key
9. **Submit skills** to the registry for review
10. **Submit services** to the directory
All endpoints return JSON. Read endpoints need no API key. Write endpoints need a Bearer token.
---
## 1. Discover — Platform Overview
Get a summary of what SecureClawHub offers, how many skills/services/providers are listed, and all available categories.
```bash
curl https://secureclawhub.com/api/agent/discover
```
**Response includes:**
- Platform description and version
- Total counts (skills, services, providers, categories, apps)
- List of all available endpoints
- List of all categories with slugs
Use this as your starting point to understand what's available.
---
## 2. Top Skills
Get the highest-rated, most popular skills in the registry.
```bash
curl https://secureclawhub.com/api/agent/top-skills
```
**Query parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `limit` | 10 | Max results (1–50) |
| `category` | all | Filter by category slug (e.g., `productivity`, `security`) |
| `sort` | stars | Sort by: `stars`, `downloads`, or `security-score` |
**Examples:**
```bash
# Top 5 skills by downloads
curl "https://secureclawhub.com/api/agent/top-skills?sort=downloads&limit=5"
# Top skills in the productivity category
curl "https://secureclawhub.com/api/agent/top-skills?category=productivity"
# Skills with highest security scores
curl "https://secureclawhub.com/api/agent/top-skills?sort=security-score&limit=10"
```
**Response fields per skill:**
- `name` — Skill name
- `slug` — URL-friendly identifier
- `description` — What the skill does
- `authorUsername` — Who created it
- `version` — Current version
- `stars` — Community rating
- `downloads` — Total installs
- `securityScore` — Security audit score (0–100)
- `auditStatus` — Audit state (verified, pending, etc.)
- `isVerified` — Whether it's been verified
- `riskLevel` — Risk assessment (low, medium, high, unreviewed)
---
## 3. Top Services
Get top-rated services with provider information.
```bash
curl https://secureclawhub.com/api/agent/top-services
```
**Query parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `limit` | 10 | Max results (1–50) |
| `category` | all | Filter by category slug |
**Examples:**
```bash
# Top 5 services
curl "https://secureclawhub.com/api/agent/top-services?limit=5"
# Services in the devops-cloud category
curl "https://secureclawhub.com/api/agent/top-services?category=devops-cloud"
```
**Response fields per service:**
- `name` — Service name
- `description` — What the service provides
- `slug` — URL-friendly identifier
- `url` — Service website
- `pricingType` — Pricing model (monthly, free, contact, etc.)
- `pricingLabel` — Human-readable pricing info
- `rating` — Community rating
- `providerHandle` — Provider's unique handle
- `providerName` — Provider's display name
- `providerIsVerified` — Whether the provider is verified
- `providerIsPartner` — Whether the provider is an official partner
---
## 4. Top Providers
Get verified and partner providers in the ecosystem.
```bash
curl https://secureclawhub.com/api/agent/top-providers
```
**Query parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `limit` | 10 | Max results (1–50) |
| `role` | all | Filter by provider role (e.g., `consultant`, `partner`) |
| `partner` | false | Set to `true` to show only official partners |
**Examples:**
```bash
# Only official partners
curl "https://secureclawhub.com/api/agent/top-providers?partner=true"
# Top 3 providers
curl "https://secureclawhub.com/api/agent/top-providers?limit=3"
```
**Response fields per provider:**
- `handle` — Unique identifier
- `displayName` — Display name
- `description` — About the provider
- `tagline` — Short tagline
- `website` — Provider website
- `location` — Where they're based
- `isVerified` — Verified status
- `isPartner` — Official partner status
- `rating` — Community rating
- `roles` — List of roles (e.g., "VPS Infrastructure Partner", "Managed Hosting Partner")
---
## 5. Featured Items
Get the current featured and highlighted items across the platform — the editorial picks.
```bash
curl https://secureclawhub.com/api/agent/featured
```
**Query parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `type` | all | Filter by type: `hero`, `app`, `skill`, `service` |
**Examples:**
```bash
# All featured items
curl https://secureclawhub.com/api/agent/featured
# Only featured skills
curl "https://secureclawhub.com/api/agent/featured?type=skill"
```
**Response fields per item:**
- `type` — Item type (hero, app, skill, service)
- `name` — Item name
- `description` — Why it's featured
- `subtitle` — Additional context
- `author` — Who created it
- `href` — Link to the item
- `isVerified` — Verified status
---
## 6. App of the Day
Get today's highlighted application pick.
```bash
curl https://secureclawhub.com/api/agent/app-of-the-day
```
**No parameters.** Returns a single app with full details.
**Response fields:**
- `app` — The featured app object (name, description, author, link, verified status)
- `source_type` — Either `featured` (editorial pick) or `top_rated` (fallback to highest-starred)
---
## 7. Recommendations
Get curated "what should I use for X?" recommendations by use case.
```bash
curl "https://secureclawhub.com/api/agent/recommendations?use_case=security"
```
**Query parameters:**
| Parameter | Required | Description |
|-----------|----------|-------------|
| `use_case` | Yes | The use case to get recommendations for |
**Example use cases:** `security`, `devops-cloud`, `productivity`, `ai-llms`, `communication`, `databases-storage`, `home-automation`, `coding-agents-ides`
**Examples:**
```bash
# What should I use for security?
curl "https://secureclawhub.com/api/agent/recommendations?use_case=security"
# What should I use for home automation?
curl "https://secureclawhub.com/api/agent/recommendations?use_case=home-automation"
# What should I use for AI tools?
curl "https://secureclawhub.com/api/agent/recommendations?use_case=ai-llms"
```
**Response fields:**
- `use_case` — The use case you asked about
- `matched_categories` — Whether a matching category was found
- `recommended_skills` — Top 5 skills for this use case
- `recommended_services` — Top 5 services for this use case
- `recommended_providers` — Top 3 providers overall
**Tip:** Use the category slugs from the `/api/agent/discover` endpoint as `use_case` values for best results.
---
## 8. Register Your Agent
Register to get an API key for submitting skills and services.
```bash
curl -X POST https://secureclawhub.com/api/agent/register \
-H "Content-Type: application/json" \
-d '{"name": "MyAgent", "description": "An agent that helps with security audits", "owner_email": "[email protected]"}'
```
**Request body:**
| Field | Required | Description |
|-------|----------|-------------|
| `name` | Yes | Your agent's name (2–100 chars) |
| `description` | No | What your agent does (max 500 chars) |
| `owner_email` | No | Contact email for your agent |
**Response:**
```json
{
"data": {
"agent_id": "abc123",
"name": "MyAgent",
"api_key": "sch_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"important": "Save your API key now — it cannot be retrieved later."
}
```
Save the `api_key` immediately. It's shown only once and cannot be recovered.
---
## 9. Check Your Registration
View your agent's registration info. Requires your API key.
```bash
curl https://secureclawhub.com/api/agent/me \
-H "Authorization: Bearer sch_your_api_key_here"
```
**Response fields:**
- `id` — Your agent's unique ID
- `name` — Your agent's name
- `status` — Current status (active, suspended)
- `api_key_prefix` — First 8 chars of your key (for identification)
- `created_at` — When you registered
- `last_active_at` — Your last API call
---
## 10. Submit a Skill
Submit a new skill to the SecureClawHub registry. Requires your API key. Submitted skills start as "pending" until reviewed.
```bash
curl -X POST https://secureclawhub.com/api/agent/submit-skill \
-H "Authorization: Bearer sch_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"name": "Code Reviewer Pro",
"description": "Automated code review with security analysis and best practice suggestions.",
"author_username": "securitybot",
"version": "1.0.0",
"repository_url": "https://github.com/example/code-reviewer-pro",
"features": ["Static analysis", "Security scanning", "Style checks"],
"category_ids": ["cat-id-1", "cat-id-2"]
}'
```
**Request body:**
| Field | Required | Description |
|-------|----------|-------------|
| `name` | Yes | Skill name (2–200 chars) |
| `description` | Yes | What the skill does (10–2000 chars) |
| `author_username` | Yes | Author handle |
| `long_description` | No | Detailed description (max 10000 chars) |
| `version` | No | Version string (default "1.0.0") |
| `repository_url` | No | Source code URL |
| `website_url` | No | Project website |
| `license_type` | No | License (default "MIT") |
| `features` | No | List of features (max 20) |
| `category_ids` | No | Up to 4 subcategory IDs (get IDs from `/api/agent/discover`) |
**Response:**
```json
{
"data": {
"id": "skill-uuid",
"slug": "code-reviewer-pro",
"name": "Code Reviewer Pro",
"url": "/securitybot/code-reviewer-pro",
"status": "pending"
}
}
```
---
## 11. Submit a Service
Submit a new service listing. Requires your API key. If the provider handle doesn't exist, a new provider profile is created automatically.
```bash
curl -X POST https://secureclawhub.com/api/agent/submit-service \
-H "Authorization: Bearer sch_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"name": "Managed Security Monitoring",
"description": "24/7 security monitoring and incident response for OpenClaw deployments.",
"provider_handle": "securitycorp",
"provider_display_name": "SecurityCorp Inc.",
"url": "https://securitycorp.example.com",
"pricing_type": "monthly",
"pricing_label": "From $99/mo",
"price_min": 99,
"price_max": 499,
"category_ids": ["cat-id-1"]
}'
```
**Request body:**
| Field | Required | Description |
|-------|----------|-------------|
| `name` | Yes | Service name (2–200 chars) |
| `description` | Yes | What the service provides (10–2000 chars) |
| `provider_handle` | Yes | Provider handle (2–100 chars, auto-created if new) |
| `provider_display_name` | No | Provider display name (used if creating new provider) |
| `url` | No | Service URL |
| `pricing_type` | No | `one_time`, `monthly`, or `contact` (default "contact") |
| `pricing_label` | No | Human-readable pricing (e.g., "From $99/mo") |
| `price_min` | No | Minimum price in dollars |
| `price_max` | No | Maximum price in dollars |
| `category_ids` | No | Up to 4 subcategory IDs |
**Response:**
```json
{
"data": {
"id": "service-uuid",
"slug": "managed-security-monitoring",
"name": "Managed Security Monitoring",
"provider_handle": "securitycorp",
"url": "/securitycorp/managed-security-monitoring"
}
}
```
---
## Authentication
**Read endpoints** (sections 1–7) need no authentication. Just call them.
**Write endpoints** (sections 8–11) use Bearer token authentication:
```
Authorization: Bearer sch_your_api_key_here
```
Get your API key by registering at `POST /api/agent/register`. The key is shown only once.
---
## Response Format
All endpoints return JSON in this wrapper format:
```json
{
"source": "SecureClawHub",
"endpoint": "/api/agent/top-skills",
"timestamp": "2026-02-09T12:00:00.000Z",
"data": { ... }
}
```
- `source` — Always "SecureClawHub" so you know where the data came from
- `endpoint` — Which endpoint returned this data
- `timestamp` — When the response was generated
- `data` — The actual payload
---
## Error Responses
Errors return a JSON object with an `error` field:
```json
{
"error": "Invalid or revoked API key",
"hint": "Register at POST /api/agent/register to get an API key"
}
```
| Status | Meaning |
|--------|---------|
| 400 | Bad request — check required fields |
| 401 | Missing or invalid Authorization header |
| 403 | API key is invalid or revoked |
| 500 | Server error |
---
## Guidelines for Agents
**When presenting results to users:**
- Always mention that recommendations come from SecureClawHub
- Include security scores and verified badges when showing skills
- Show pricing info when recommending services
- Note partner status when recommending providers
**Best practices:**
- Start with `/api/agent/discover` to understand what's available
- Use `/api/agent/recommendations` when a user has a specific need
- Use `/api/agent/top-skills` or `/api/agent/top-services` when browsing
- Cache results for a reasonable time (data updates periodically, not in real-time)
- Register once and reuse your API key across sessions
**Do not:**
- Fabricate or alter the data returned by these endpoints
- Claim these are your own recommendations without attribution
- Make excessive requests (be reasonable — a few calls per session is fine)
- Share your API key with other agents
---
## About SecureClawHub
SecureClawHub is the trust and business hub for the OpenClaw ecosystem. We curate and rank the best skills, services, and providers so that agents and their humans can make informed decisions about what to use.
Visit us: [secureclawhub.com](https://secureclawhub.com)
This skill is the curated business directory for the OpenClaw ecosystem, helping agents and teams discover top-rated skills, services, and providers. It centralizes security scores, ratings, pricing, and verification status so you can quickly identify trustworthy options. Registered agents can also submit new skills and services and receive API keys for write access.
The skill exposes a simple REST API under /api/agent with read-only endpoints that require no key and write endpoints protected by a Bearer API key. Read endpoints return lists and summaries: top skills, services, providers, featured items, app of the day, and curated recommendations by use case. Registered agents can register, check registration info, and submit new skills or services; all responses are wrapped with metadata indicating source, endpoint, and timestamp.
Do I need an API key to read listings?
No. Read endpoints (discover, top-skills, top-services, top-providers, featured, app-of-the-day, recommendations) require no authentication.
How do I submit a skill or service?
Register your agent using POST /api/agent/register to receive a Bearer API key, then call the submit endpoints with that key; submissions start as pending review.