Do I need a paid KiwiClaw subscription to publish a skill?

No. The free community tier is sufficient to submit, manage, and publish skills on the KiwiClaw marketplace. You only need a paid plan if you want to run a managed OpenClaw instance yourself.

Publish Your Skill on KiwiClaw

The KiwiClaw Skills Hub already lists over 560 vetted OpenClaw skills — and the catalog is growing every week. If you have built a skill that solves a real problem, publishing it on KiwiClaw puts it in front of thousands of managed OpenClaw users who are actively looking for tools to extend their agents. Unlike ClawHub, every skill on KiwiClaw carries a security vetting guarantee, which means users install with confidence and authors build trust faster.

This guide walks you through the entire process: from preparing your skill for submission to earning revenue from premium listings. Whether you have an existing ClawHub skill or are building something new, you can go from code to published listing in under an hour.

Why Publish on KiwiClaw?

ClawHub is the default registry for OpenClaw skills, and it works well for discovery. But it has no security vetting, no quality guarantees, and no monetization path for creators. KiwiClaw fills those gaps.

Security vetting builds trust. Every skill on the KiwiClaw marketplace passes a multi-stage vetting pipeline that includes static analysis, sandboxed execution testing, and human review when needed. Skills that clear the pipeline earn a “KiwiClaw Verified” badge — a visible trust signal that tells users your code has been independently examined and found safe. In a world where 1,184 malicious skills were found on ClawHub in a single incident, verification matters.

Built-in audience. KiwiClaw users do not self-host. They are running managed OpenClaw instances and they browse the Skills Hub directly from their dashboard. Your skill appears in search results, category pages, and recommendations without you doing any marketing. Every new KiwiClaw subscriber is a potential user of your skill.

Revenue sharing for premium skills. Free skills are great for exposure and community contribution. But if your skill delivers significant value — a specialized integration, a productivity workflow, an industry-specific tool — you can set a monthly price between $1 and $50. Creators keep 85% of every subscription. KiwiClaw retains 15% to cover payment processing, hosting, and vetting infrastructure. Payouts are monthly via Stripe Connect with no minimum threshold.

Continuous monitoring protects your reputation. KiwiClaw re-evaluates skills whenever dependencies change or new threat intelligence surfaces. If a dependency of your skill is found to be compromised, KiwiClaw alerts you and works with you on a fix — rather than silently revoking your listing. Your reputation as a skill author is protected by the same infrastructure that protects users.

Prerequisites

Before you submit, make sure you have the following:

A working OpenClaw skill. Your skill should be tested locally and functioning correctly. If you are new to skill development, the OpenClaw skills documentation covers the fundamentals.
A GitHub repository. Public or private — both work. KiwiClaw pulls your code during the vetting process. If your repo is private, you will be prompted to grant read access during submission.
A KiwiClaw account. The free community tier is sufficient to publish skills. You do not need a paid subscription. Sign up here if you have not already.

Step 1: Create Your SKILL.md

Every skill on the KiwiClaw marketplace needs a SKILL.md file in the repository root. This file is the single source of metadata for your listing. KiwiClaw parses it during submission to populate your marketplace page, so getting it right matters.

Here is a complete example:

# My Awesome Skill
> A brief one-line description of what your skill does.

## Metadata
- Name: my-awesome-skill
- Version: 1.2.0
- Runtime: node
- Install: npx my-awesome-skill
- Author: Your Name
- License: MIT
- Category: productivity
- Tags: automation, workflow, email

## Description
A detailed explanation of what your skill does, what problems it
solves, and why someone would want to install it. Two to four
paragraphs is ideal. Be specific about capabilities and limitations.

This skill integrates with the Gmail API to let your OpenClaw agent
draft, send, and manage email threads. It supports attachments,
scheduling, and templated responses.

## Tools
| Tool | Description |
|------|-------------|
| draft_email | Create an email draft with subject, body, and recipients |
| send_email | Send a draft or compose and send immediately |
| search_inbox | Search emails by sender, subject, date, or label |
| manage_labels | Create, rename, or delete Gmail labels |

## Configuration
| Variable | Required | Description |
|----------|----------|-------------|
| GMAIL_CLIENT_ID | Yes | OAuth 2.0 client ID from Google Cloud Console |
| GMAIL_CLIENT_SECRET | Yes | OAuth 2.0 client secret |

## Examples
```
User: Draft an email to jane@example.com about the Q3 report
Agent: [uses draft_email] Done. Draft created with subject "Q3 Report"
```

## Changelog
- 1.2.0: Added attachment support
- 1.1.0: Added search_inbox tool
- 1.0.0: Initial release

A few things to note about the metadata fields:

Name must be lowercase, hyphen-separated, and unique across the KiwiClaw registry. Check the Skills Hub to make sure your name is not taken.
Runtime can be node, python, go, rust, or binary. This tells KiwiClaw what execution environment your skill needs.
Install is the command users run to add your skill. For npm packages, npx your-package is standard. For Python, uvx your-package or pip install your-package.
Category determines where your skill appears in the marketplace. Valid categories: productivity, development, communication, data, media, finance, research, automation, security, other.
Tags improve search discoverability. Use 3–5 relevant tags.

Step 2: Structure Your Repository

KiwiClaw does not enforce a rigid project structure, but the vetting pipeline works best when your repo follows standard conventions. Here is the recommended layout:

my-awesome-skill/
├── SKILL.md           # Required — marketplace metadata
├── package.json       # Or pyproject.toml, go.mod, Cargo.toml
├── src/
│   └── index.ts       # Entry point
├── tests/
│   └── index.test.ts  # Tests (strongly recommended)
├── README.md          # GitHub-facing documentation
└── LICENSE            # Required — must be an OSI-approved license

Key requirements:

SKILL.md must be in the repository root. The vetting pipeline will not find it in subdirectories.
LICENSE is required. KiwiClaw only lists skills with OSI-approved open source licenses for free skills. Premium skills can use proprietary licenses but must include clear license terms.
No vendored binaries. The static analysis stage flags pre-compiled binaries, minified code, and bundled executables. If your skill needs a binary dependency, declare it in your package manifest and let the runtime install it.
Tests are strongly recommended. Skills with test suites pass vetting faster because the sandbox can run your tests as part of behavioral analysis. Skills without tests rely entirely on the automated behavioral probes, which take longer.

Step 3: Submit to KiwiClaw

Once your SKILL.md is in place and your repo is ready, head to the submission page:

Log in to your KiwiClaw dashboard at app.kiwiclaw.app.
Navigate to Marketplace in the sidebar, then click Submit a Skill.
Paste your GitHub repository URL (e.g., https://github.com/yourname/my-awesome-skill).
KiwiClaw auto-populates the listing from your SKILL.md. Review the parsed fields — name, version, category, tools, configuration — and correct anything that looks wrong.
Optionally add screenshots, a demo GIF, or a short video walkthrough. Visual assets significantly increase install rates.
Choose your pricing: Free or Premium (set a monthly price between $1 and $50). For premium skills, you will need to connect a Stripe account for payouts.
Click Submit for Review.

You will receive a confirmation email with a tracking link. You can check the status of your submission anytime from the dashboard.

Step 4: The Vetting Process

After submission, your skill enters the KiwiClaw vetting pipeline. Here is what happens at each stage:

Pass 1: Metadata Validation

The pipeline checks that your SKILL.md is well-formed, all required fields are present, the skill name is unique, and the declared tools match what your code actually exports. This pass takes seconds.

Pass 2: Static Analysis

Your source code is scanned for known malicious patterns: obfuscated code, unauthorized network calls, credential access, privilege escalation attempts, and known malware signatures. Clean, straightforward code passes quickly. Code that uses dynamic evaluation, encoded payloads, or unusual system calls gets flagged for closer inspection.

Pass 3: Dependency Audit

Every direct and transitive dependency is checked against vulnerability databases and the KiwiClaw threat intelligence feed. Skills with known-vulnerable dependencies are flagged with specific remediation guidance — usually a version bump is all it takes.

Pass 4: Sandboxed Execution

Your skill runs in an isolated container with full behavioral monitoring. The sandbox tracks network connections, filesystem access, process activity, resource consumption, and timing-based triggers. This is the stage that catches sophisticated attacks that evade static analysis — including the deferred-payload pattern used in the ClawHavoc attack.

Pass 5: Permission Mapping

Based on the behavioral analysis, KiwiClaw generates a permission profile for your skill: what network endpoints it contacts, what files it reads or writes, what system resources it uses. This profile is displayed on your marketplace listing so users can make informed installation decisions.

Pass 6: Human Review (If Flagged)

If any earlier pass raises a flag — even a low-confidence one — your skill is routed to the KiwiClaw security team for manual review. Reviewers examine the flagged code, assess intent, and make a final determination. Not every flag means rejection. Legitimate skills often need network access or file I/O, and human reviewers distinguish between expected behavior and malicious intent.

Timeline: Most skills clear the pipeline within 24 to 48 hours. Simple skills with clean code and no flags often clear the same day. Skills that require human review may take up to 72 hours.

Common Rejection Reasons

The most frequent reasons skills are sent back for revision:

Undeclared network access. Your skill contacts an API that is not listed in the configuration or description. Fix: document all external endpoints in your SKILL.md.
Vulnerable dependencies. A transitive dependency has a known CVE. Fix: update the dependency to a patched version.
Missing or invalid license. No LICENSE file, or a license that is not OSI-approved (for free skills). Fix: add a standard license file.
Obfuscated or minified source. Pre-bundled JavaScript, base64-encoded strings, or dynamically generated code. Fix: ship readable source and let the build system handle compilation.
Excessive permissions. A skill that claims to manage calendar events but also reads SSH keys. Fix: reduce your skill's scope to what it actually needs.

Rejection reports are detailed and specific. You will know exactly what line of code or dependency was flagged, and what to change. Most rejections are resolved in a single revision.

Step 5: Get Verified

Once your skill passes all six vetting stages, it is published to the KiwiClaw Skills Hub and receives the KiwiClaw Verified badge. This badge appears on your listing, in search results, and in the one-click install dialog.

The Verified badge signals three things to users:

Security vetted. Your skill has been scanned, sandboxed, and cleared by the KiwiClaw pipeline.
Continuously monitored. If a dependency is compromised or a new threat is discovered, KiwiClaw re-evaluates your skill automatically.
Accountable author. Your KiwiClaw account is linked to the listing, so users know who built the skill and can reach you for support.

Verified skills rank higher in marketplace search results and are prioritized in category listings. For users who have enabled “Verified only” in their agent settings, your skill is the only kind they will see.

Monetization

KiwiClaw supports two pricing models for published skills:

Free Skills

Free skills are the default. They are great for community contributions, developer tools, open source integrations, and building a reputation as a skill author. Free skills often accumulate installs quickly, which boosts your visibility on the platform. Many successful premium skill authors started with a free skill to build credibility.

Premium Skills

Premium skills let you charge a monthly subscription between $1 and $50. Users pay through KiwiClaw — no separate payment infrastructure for you to manage. Here is how the economics work:

Component	Details
Revenue split	85% to creator, 15% to KiwiClaw
Payout schedule	Monthly, via Stripe Connect
Minimum payout	None — every dollar earned is paid out
Price range	$1 – $50 per month
Free trial	Optional — you can offer 7 or 14 day trials
Refund policy	Pro-rated refunds within 7 days, charged to platform

To enable premium pricing, connect your Stripe account during submission. KiwiClaw handles billing, subscription management, invoicing, and tax collection. You focus on building and maintaining the skill.

A skill priced at $10/month with 100 subscribers generates $850/month in creator revenue. Niche skills that solve specific, painful problems — CRM integrations, compliance workflows, industry-specific data tools — often command higher prices than broad utility skills.

Tips for a Successful Listing

The difference between a skill with 10 installs and one with 1,000 often comes down to presentation, not functionality. Here is what high-performing listings have in common:

Write a clear, specific description. “A skill for managing things” tells users nothing. “Create, assign, and track Jira tickets directly from your OpenClaw agent with natural language commands” tells them exactly what they get.
Document every tool. The tools table in your SKILL.md is the first thing power users check. Be precise about what each tool does, what parameters it accepts, and what it returns.
Include real examples. Show actual conversations between a user and an agent using your skill. Users want to see what the experience looks like before they install.
Add screenshots or a demo GIF. Visual assets increase install rates by 3–4x on average. A 15-second GIF showing your skill in action is worth more than a page of text.
Keep your README and SKILL.md in sync. GitHub visitors see the README. Marketplace visitors see the SKILL.md. Make sure they tell the same story.
Respond to reviews. KiwiClaw marketplace listings have a review section. Responding to feedback — even negative feedback — shows users that the skill is actively maintained.
Version your releases. Users trust skills with a clear version history. Use semantic versioning and keep the changelog in your SKILL.md up to date.
Test across models. KiwiClaw users run different LLM backends (Kimi K2.5 as “Auto”, Opus 4.6 as “MAX”, and BYOK users bring their own). Make sure your skill works well regardless of which model is driving the agent.

Frequently Asked Questions

How long does vetting take?

Most skills are reviewed and approved within 24 to 48 hours. Simple skills with clean code and no flags often clear faster. Complex skills with network access or filesystem operations may take up to 72 hours if they require manual review.

Can I update my skill after publishing?

Yes. Submit an update through the same dashboard. Updated skills go through the full vetting pipeline again. Your existing listing stays live while the update is reviewed. Once approved, the new version replaces the old one automatically.

What if my skill gets rejected?

You will receive a detailed report explaining exactly what was flagged and why. Fix the issues, then resubmit. There is no penalty or cooldown for resubmissions. Most rejections are resolved in a single revision.

Do I need a KiwiClaw subscription to publish?

No. The free community tier is sufficient to submit, manage, and publish skills. You only need a paid plan if you want to run a managed OpenClaw instance yourself.

How does revenue sharing work?

Creators keep 85% of revenue from premium skill subscriptions. KiwiClaw retains 15% to cover payment processing, hosting, and vetting infrastructure. Payouts are processed monthly via Stripe Connect with no minimum threshold.

Can I publish a private skill for my team only?

Yes. Enterprise plans support private skills that are visible only to members of your organization. Private skills still go through the vetting pipeline (unless your org admin has enabled “trust internal skills”), but they do not appear in the public marketplace.

What happens if a dependency of my skill is compromised?

KiwiClaw's continuous monitoring detects compromised dependencies and alerts you immediately. You will receive a notification with specific remediation steps. Your listing is not removed — instead, a warning badge is shown to users until you publish a patched version. If the vulnerability is critical, KiwiClaw may temporarily suspend new installs until a fix is available.

Ready to publish? Log in to your KiwiClaw dashboard and navigate to Marketplace → Submit a Skill. If you have questions about the vetting process or need help with your submission, reach out at skills@kiwiclaw.app.

Related Resources

Amogh Reddy

Founder, KiwiClaw · @AireVasant