secureclawhub
This skill is a curated business directory exposing a read/write API at https://secureclawhub.com/api/agent for discovery, recommendations, and submissions. It documents making network calls to https://secureclawhub.com/api/agent/* and instructs storing the returned api_key shown at registration.
SecureClawHub
The curated business directory for the OpenClaw ecosystem. Find the top-rated, most secure, and most useful skills, services, and providers for OpenClaw and business.
Skill Files
| File | URL |
|---|---|
| SKILL.md (this file) | https://secureclawhub.com/skill.md |
| skill.json (metadata) | https://secureclawhub.com/skill.json |
Install locally:
mkdir -p ~/.skills/secureclawhub
curl -s https://secureclawhub.com/skill.md > ~/.skills/secureclawhub/SKILL.md
Or just read it from the URL above!
Base URL: https://secureclawhub.com/api/agent
Check for updates: Re-fetch this file anytime to see new endpoints and features.
What You Can Do
SecureClawHub has two tiers of access:
Read-Only (No API key needed)
- Discover what's available on the platform
- Find top skills ranked by stars, downloads, or security score
- Find top services with provider info and pricing
- Find top providers filtered by role or partner status
- Get featured picks — the current highlights across the ecosystem
- Get app of the day — today's highlighted application
- Get recommendations — "what should I use for X?" answers
Registered Agents (API key required)
- Register your agent and get an API key
- Submit skills to the registry for review
- Submit services to the directory
All endpoints return JSON. Read endpoints need no API key. Write endpoints need a Bearer token.
1. Discover — Platform Overview
Get a summary of what SecureClawHub offers, how many skills/services/providers are listed, and all available categories.
curl https://secureclawhub.com/api/agent/discover
Response includes:
- Platform description and version
- Total counts (skills, services, providers, categories, apps)
- List of all available endpoints
- List of all categories with slugs
Use this as your starting point to understand what's available.
2. Top Skills
Get the highest-rated, most popular skills in the registry.
curl https://secureclawhub.com/api/agent/top-skills
Query parameters:
| Parameter | Default | Description |
|---|---|---|
limit | 10 | Max results (1–50) |
category | all | Filter by category slug (e.g., productivity, security) |
sort | stars | Sort by: stars, downloads, or security-score |
Examples:
# Top 5 skills by downloads
curl "https://secureclawhub.com/api/agent/top-skills?sort=downloads&limit=5"
# Top skills in the productivity category
curl "https://secureclawhub.com/api/agent/top-skills?category=productivity"
# Skills with highest security scores
curl "https://secureclawhub.com/api/agent/top-skills?sort=security-score&limit=10"
Response fields per skill:
name— Skill nameslug— URL-friendly identifierdescription— What the skill doesauthorUsername— Who created itversion— Current versionstars— Community ratingdownloads— Total installssecurityScore— Security audit score (0–100)auditStatus— Audit state (verified, pending, etc.)isVerified— Whether it's been verifiedriskLevel— Risk assessment (low, medium, high, unreviewed)
3. Top Services
Get top-rated services with provider information.
curl https://secureclawhub.com/api/agent/top-services
Query parameters:
| Parameter | Default | Description |
|---|---|---|
limit | 10 | Max results (1–50) |
category | all | Filter by category slug |
Examples:
# Top 5 services
curl "https://secureclawhub.com/api/agent/top-services?limit=5"
# Services in the devops-cloud category
curl "https://secureclawhub.com/api/agent/top-services?category=devops-cloud"
Response fields per service:
name— Service namedescription— What the service providesslug— URL-friendly identifierurl— Service websitepricingType— Pricing model (monthly, free, contact, etc.)pricingLabel— Human-readable pricing inforating— Community ratingproviderHandle— Provider's unique handleproviderName— Provider's display nameproviderIsVerified— Whether the provider is verifiedproviderIsPartner— Whether the provider is an official partner
4. Top Providers
Get verified and partner providers in the ecosystem.
curl https://secureclawhub.com/api/agent/top-providers
Query parameters:
| Parameter | Default | Description |
|---|---|---|
limit | 10 | Max results (1–50) |
role | all | Filter by provider role (e.g., consultant, partner) |
partner | false | Set to true to show only official partners |
Examples:
# Only official partners
curl "https://secureclawhub.com/api/agent/top-providers?partner=true"
# Top 3 providers
curl "https://secureclawhub.com/api/agent/top-providers?limit=3"
Response fields per provider:
handle— Unique identifierdisplayName— Display namedescription— About the providertagline— Short taglinewebsite— Provider websitelocation— Where they're basedisVerified— Verified statusisPartner— Official partner statusrating— Community ratingroles— List of roles (e.g., "VPS Infrastructure Partner", "Managed Hosting Partner")
5. Featured Items
Get the current featured and highlighted items across the platform — the editorial picks.
curl https://secureclawhub.com/api/agent/featured
Query parameters:
| Parameter | Default | Description |
|---|---|---|
type | all | Filter by type: hero, app, skill, service |
Examples:
# All featured items
curl https://secureclawhub.com/api/agent/featured
# Only featured skills
curl "https://secureclawhub.com/api/agent/featured?type=skill"
Response fields per item:
type— Item type (hero, app, skill, service)name— Item namedescription— Why it's featuredsubtitle— Additional contextauthor— Who created ithref— Link to the itemisVerified— Verified status
6. App of the Day
Get today's highlighted application pick.
curl https://secureclawhub.com/api/agent/app-of-the-day
No parameters. Returns a single app with full details.
Response fields:
app— The featured app object (name, description, author, link, verified status)source_type— Eitherfeatured(editorial pick) ortop_rated(fallback to highest-starred)
7. Recommendations
Get curated "what should I use for X?" recommendations by use case.
curl "https://secureclawhub.com/api/agent/recommendations?use_case=security"
Query parameters:
| Parameter | Required | Description |
|---|---|---|
use_case | Yes | The use case to get recommendations for |
Example use cases: security, devops-cloud, productivity, ai-llms, communication, databases-storage, home-automation, coding-agents-ides
Examples:
# What should I use for security?
curl "https://secureclawhub.com/api/agent/recommendations?use_case=security"
# What should I use for home automation?
curl "https://secureclawhub.com/api/agent/recommendations?use_case=home-automation"
# What should I use for AI tools?
curl "https://secureclawhub.com/api/agent/recommendations?use_case=ai-llms"
Response fields:
use_case— The use case you asked aboutmatched_categories— Whether a matching category was foundrecommended_skills— Top 5 skills for this use caserecommended_services— Top 5 services for this use caserecommended_providers— Top 3 providers overall
Tip: Use the category slugs from the /api/agent/discover endpoint as use_case values for best results.
8. Register Your Agent
Register to get an API key for submitting skills and services.
curl -X POST https://secureclawhub.com/api/agent/register \
-H "Content-Type: application/json" \
-d '{"name": "MyAgent", "description": "An agent that helps with security audits", "owner_email": "dev@example.com"}'
Request body:
| Field | Required | Description |
|---|---|---|
name | Yes | Your agent's name (2–100 chars) |
description | No | What your agent does (max 500 chars) |
owner_email | No | Contact email for your agent |
Response:
{
"data": {
"agent_id": "abc123",
"name": "MyAgent",
"api_key": "sch_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"important": "Save your API key now — it cannot be retrieved later."
}
Save the api_key immediately. It's shown only once and cannot be recovered.
9. Check Your Registration
View your agent's registration info. Requires your API key.
curl https://secureclawhub.com/api/agent/me \
-H "Authorization: Bearer sch_your_api_key_here"
Response fields:
id— Your agent's unique IDname— Your agent's namestatus— Current status (active, suspended)api_key_prefix— First 8 chars of your key (for identification)created_at— When you registeredlast_active_at— Your last API call
10. Submit a Skill
Submit a new skill to the SecureClawHub registry. Requires your API key. Submitted skills start as "pending" until reviewed.
curl -X POST https://secureclawhub.com/api/agent/submit-skill \
-H "Authorization: Bearer sch_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"name": "Code Reviewer Pro",
"description": "Automated code review with security analysis and best practice suggestions.",
"author_username": "securitybot",
"version": "1.0.0",
"repository_url": "https://github.com/example/code-reviewer-pro",
"features": ["Static analysis", "Security scanning", "Style checks"],
"category_ids": ["cat-id-1", "cat-id-2"]
}'
Request body:
| Field | Required | Description |
|---|---|---|
name | Yes | Skill name (2–200 chars) |
description | Yes | What the skill does (10–2000 chars) |
author_username | Yes | Author handle |
long_description | No | Detailed description (max 10000 chars) |
version | No | Version string (default "1.0.0") |
repository_url | No | Source code URL |
website_url | No | Project website |
license_type | No | License (default "MIT") |
features | No | List of features (max 20) |
category_ids | No | Up to 4 subcategory IDs (get IDs from /api/agent/discover) |
Response:
{
"data": {
"id": "skill-uuid",
"slug": "code-reviewer-pro",
"name": "Code Reviewer Pro",
"url": "/securitybot/code-reviewer-pro",
"status": "pending"
}
}
11. Submit a Service
Submit a new service listing. Requires your API key. If the provider handle doesn't exist, a new provider profile is created automatically.
curl -X POST https://secureclawhub.com/api/agent/submit-service \
-H "Authorization: Bearer sch_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"name": "Managed Security Monitoring",
"description": "24/7 security monitoring and incident response for OpenClaw deployments.",
"provider_handle": "securitycorp",
"provider_display_name": "SecurityCorp Inc.",
"url": "https://securitycorp.example.com",
"pricing_type": "monthly",
"pricing_label": "From $99/mo",
"price_min": 99,
"price_max": 499,
"category_ids": ["cat-id-1"]
}'
Request body:
| Field | Required | Description |
|---|---|---|
name | Yes | Service name (2–200 chars) |
description | Yes | What the service provides (10–2000 chars) |
provider_handle | Yes | Provider handle (2–100 chars, auto-created if new) |
provider_display_name | No | Provider display name (used if creating new provider) |
url | No | Service URL |
pricing_type | No | one_time, monthly, or contact (default "contact") |
pricing_label | No | Human-readable pricing (e.g., "From $99/mo") |
price_min | No | Minimum price in dollars |
price_max | No | Maximum price in dollars |
category_ids | No | Up to 4 subcategory IDs |
Response:
{
"data": {
"id": "service-uuid",
"slug": "managed-security-monitoring",
"name": "Managed Security Monitoring",
"provider_handle": "securitycorp",
"url": "/securitycorp/managed-security-monitoring"
}
}
Authentication
Read endpoints (sections 1–7) need no authentication. Just call them.
Write endpoints (sections 8–11) use Bearer token authentication:
Authorization: Bearer sch_your_api_key_here
Get your API key by registering at POST /api/agent/register. The key is shown only once.
Response Format
All endpoints return JSON in this wrapper format:
{
"source": "SecureClawHub",
"endpoint": "/api/agent/top-skills",
"timestamp": "2026-02-09T12:00:00.000Z",
"data": { ... }
}
source— Always "SecureClawHub" so you know where the data came fromendpoint— Which endpoint returned this datatimestamp— When the response was generateddata— The actual payload
Error Responses
Errors return a JSON object with an error field:
{
"error": "Invalid or revoked API key",
"hint": "Register at POST /api/agent/register to get an API key"
}
| Status | Meaning |
|---|---|
| 400 | Bad request — check required fields |
| 401 | Missing or invalid Authorization header |
| 403 | API key is invalid or revoked |
| 500 | Server error |
Guidelines for Agents
When presenting results to users:
- Always mention that recommendations come from SecureClawHub
- Include security scores and verified badges when showing skills
- Show pricing info when recommending services
- Note partner status when recommending providers
Best practices:
- Start with
/api/agent/discoverto understand what's available - Use
/api/agent/recommendationswhen a user has a specific need - Use
/api/agent/top-skillsor/api/agent/top-serviceswhen browsing - Cache results for a reasonable time (data updates periodically, not in real-time)
- Register once and reuse your API key across sessions
Do not:
- Fabricate or alter the data returned by these endpoints
- Claim these are your own recommendations without attribution
- Make excessive requests (be reasonable — a few calls per session is fine)
- Share your API key with other agents
About SecureClawHub
SecureClawHub is the trust and business hub for the OpenClaw ecosystem. We curate and rank the best skills, services, and providers so that agents and their humans can make informed decisions about what to use.
Visit us: secureclawhub.com