Plugin install policy

Operator rules for plugins, skills, and marketplace installs

Page scope: This page covers plugin and package install policy—not DM pairing or Gateway auth. For general safety see Is OpenClaw safe?; for ClawHub skills see Install ClawHub skills safely.

From the v2026.6.2-beta train through stable v2026.6.5, OpenClaw replaced the legacy built-in dangerous-code scanner at install time with an explicit operator install policy. Installs from npm, archives, local source, GitHub-backed ClawHub skills, and marketplace paths are checked against that policy, and the doctor and CLI surface clear allow/block decisions instead of opaque scan failures.

Why it changed

Community skill supply-chain incidents showed that a single opaque scanner was hard to reason about. Policy-based installs let operators see why an install was blocked, keep trusted pins for official npm plugins, and fail closed on suspicious packages.
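The allow/block behaviour described above, as an added example written for this page, not OpenClaw's own policy engine and not taken from its source: a minimal fail-closed pre-install check in POSIX shell. The two allow rules (package in the trusted @openclaw scope, pinned to an exact X.Y.Z version) are assumptions chosen to illustrate "trusted pins for official plugins, block everything else"; the function name and the reason strings are hypothetical.

```shell
#!/bin/sh
# Added example for this page: a minimal fail-closed pre-install policy check.
# It is not OpenClaw's policy engine and does not call the openclaw CLI; the two
# allow rules (trusted scope, exact version pin) are assumptions that illustrate the
# "trusted pins for official plugins, block everything else" behaviour described above.

TRUSTED_SCOPE="@openclaw"   # the official plugin scope named on this page

# check_install_policy SPEC
#   Prints "allow" or "block: <reason>"; returns 0 on allow, 1 on block.
#   Anything that is not an exactly pinned package in the trusted scope is blocked,
#   which also covers archives, local paths and git URLs (they never match the scope).
check_install_policy() {
  spec=$1

  case "$spec" in
    "$TRUSTED_SCOPE"/*) ;;
    *)
      echo "block: '$spec' is not in trusted scope $TRUSTED_SCOPE"
      return 1
      ;;
  esac

  # Split at the last '@'. For an unpinned spec such as @openclaw/foo the only '@'
  # is the scope prefix, so the name part becomes empty.
  name=${spec%@*}
  version=${spec##*@}
  if [ -z "$name" ]; then
    echo "block: '$spec' has no version pin"
    return 1
  fi

  # Exact X.Y.Z only: ranges (^1.2.3, ~1.2.3), wildcards (1.x) and dist-tags (latest)
  # are not pins and are rejected.
  if ! printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo "block: version '$version' of $name is not an exact pin"
    return 1
  fi

  echo "allow"
  return 0
}

# Usage: check_install_policy "@openclaw/example@1.2.3"
```

The check is deliberately closed by default: the only path to "allow" is a spec that passes every rule, so a new install source the operator has not thought about (a tarball, a local directory, a git reference) is blocked with a stated reason rather than silently accepted.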

Operator checklist

  1. Run openclaw doctor --fix after every upgrade.
  2. Run openclaw security audit --deep before adding new plugins in production.
  3. Prefer official @openclaw/* plugins from the registry.
  4. For ClawHub: read SKILL.md, check the publisher, and follow the safe install guide.

Verification

  openclaw doctor --fix
  openclaw security audit --deep
  openclaw plugins list
  openclaw gateway restart

Skills vs plugins

Artifact               Guide
Skill (ClawHub)        Safe skill install
Plugin (npm)           This page
Governed skill draft   Skill Workshop