What is an OpenClaw plugin?

An OpenClaw plugin is a package that can add channels, model providers, tools, memory, voice, or other runtime capabilities to the gateway.

Where should OpenClaw plugins be installed from?

ClawHub is the canonical discovery surface, but OpenClaw can also install plugins from npm, local paths, archives, and compatible marketplaces.

How do you tell whether an OpenClaw plugin is mature?

The best signals are active maintenance, public source code, installation documentation, clear ownership, release history, and real usage signals such as stars or install counts.

Which OpenClaw plugins are most useful for long conversations?

Memory-focused plugins such as memory-lancedb, memory-wiki, and Lossless Claw are the most directly useful when long sessions and context retention matter.

Are CRM and calendar plugins mature in OpenClaw?

OpenClaw has promising early repos for CRM, Gmail, and Calendar work, but the strongest native plugin coverage today is still in memory, channels, providers, voice, web access, and observability.

How do OpenClaw skills differ from plugins?

Plugins are native gateway packages installed through the CLI and validated with manifests so they can register channels, providers, tools, memory, and other runtime hooks in process. Skills are agent-facing packs and workflows that often appear on ClawHub beside plugins but follow different packaging and trust rules. This article focuses on plugins. Skills are worth a dedicated guide.

OpenClaw Plugins — Ecosystem Guide and Practical Picks

Plugins first. Skills naming in brief.

Page content

This article is about OpenClaw plugins — native gateway packages that add channels, model providers, tools, speech, memory, media, web search, and other runtime surfaces.

The rest of the piece covers discovery, packaging, CLI lifecycle, maturity, security, and concrete plugin picks.

OpenClaw skills matter for navigation and safety because ClawHub and announcement text often say “skills” when they mean installable agent packs and workflows. Those are related to the same registries you use for plugins, but they are not the same mechanism as a validated openclaw.plugin.json package. The glossary below keeps the vocabulary straight; the OpenClaw skills guide goes deeper on authoring, moderation, usage patterns, and per-role stacks.

At the same time, the public plugin ecosystem is uneven. The strongest parts are still bundled first-party surfaces and a small set of community plugins with visible maintenance and usage. The weaker parts are the business-automation edge cases that look impressive in demos but still have thin public adoption signals, including skill-oriented repos that are not yet mature native plugins.

OpenClaw plugins and ecosystem

If you want the short version up front, this is it. In OpenClaw today, the “actually useful” plugin layer is mostly about boring wins: browser access, web extraction, memory, provider routing, voice, channels, observability, and workflow triggers. The categories that sound most enterprise-friendly — CRM, lead generation, inbox automation, calendar orchestration — do exist publicly, but the verified native-plugin surface is still much thinner and less battle-tested than the rest of the stack. That is not a criticism so much as a maturity signal.

Glossary (plugins, extensions, skills)

OpenClaw plugins — Native gateway packages installed with openclaw plugins …, validated through openclaw.plugin.json, and able to register channels, providers, tools, memory backends, and other hooks inside the gateway process.
OpenClaw extensions — Workspace and global directories OpenClaw scans as plugin roots before bundled defaults (extension paths under the workspace, then ~/.openclaw). This is a layout and discovery idea. It is not a different kind of artifact from plugins; it is where plugin packages are loaded from.
OpenClaw skills — Agent-facing packs and workflows often published for OpenClaw-style agents and listed on ClawHub alongside packages. Security and moderation messaging frequently refers to “skills” because that layer has its own adoption and abuse history. Treat skills as a related install surface, not as a synonym for “native plugin” unless the listing is actually a plugin package with a manifest.

When OpenClaw imports content from Codex, Claude, or Cursor ecosystems, upstream docs often call those bundles, not native plugins. Bundles map to selective features and a narrower trust boundary than full plugins. If you mix bundles, skills marketing, and native OpenClaw plugins without that distinction, the ecosystem looks broader than it actually is.

Why this ecosystem matters

Inside the codebase and CLI, the extension story is still expressed as plugins. Discovery walks explicit config paths, then extension directories, then bundled plugins — same capability type, different roots. Skills enter the picture when you browse ClawHub or read incident writeups, not when you reason about slot selection for memory or contextEngine.

The plugin system is also opinionated in a useful way. OpenClaw does not treat plugins as a cosmetic add-on layer. It uses them for concrete runtime ownership: channels, model providers, tools, memory backends, context engines, speech, realtime voice, media understanding, image generation, video generation, web fetch, and web search. Some of those ship bundled inside OpenClaw, while others are external packages published by the community on npm or ClawHub.

That is why the plugin ecosystem matters more than it first appears. In practice, plugin choice determines not just integrations, but also how the assistant searches, remembers, calls, routes, fetches, traces, and survives long-running sessions. For a technical blog, that is the important frame. Not “which package looks cool”, but “which package owns a meaningful runtime surface”.

How the plugin system actually works

Under the hood, OpenClaw discovers plugins in a fixed order, and first match wins. It looks at explicit config paths first, then workspace extension directories, then global extensions under ~/.openclaw, and finally bundled plugins that ship with OpenClaw. Workspace-origin plugins are disabled by default, restrictive allowlists can block even bundled plugins, and some capability classes are exclusive slots, notably memory and contextEngine.

That slot model is one of the least flashy but most important parts of the system. It means plugins are not only additive. In some categories they are selectors. memory-core can be the active memory plugin, memory-lancedb can replace it, and a context engine such as lossless-claw can replace the default legacy context engine. This is why memory plugins tend to matter operationally more than UI-facing plugins. They change how the assistant thinks across time, not just where it sends messages.

Native plugins also have a fairly strict packaging model. A package advertises its plugin entrypoints and setup metadata through package.json, while openclaw.plugin.json is the manifest OpenClaw uses to validate plugin identity and config before executing plugin code. That manifest is not decorative. Missing or invalid manifests are treated as plugin errors and block config validation. The platform is clearly trying to fail early rather than load first and hope later.

The SDK surface is broader than many blog posts imply. Plugin hooks can intercept model resolution, agent lifecycle, message flow, tool execution, sub-agent coordination, and gateway lifecycle, and the docs state that the SDK exposes 28 hooks. That is enough power to build real runtime products, but it is also enough power to create runtime surprises if the plugin is immature.

Where to get plugins and how the lifecycle works

Plugin installs always go through the openclaw plugins commands below. ClawHub lists both native plugin packages and OpenClaw skills-style entries, so read each listing for manifests and supported install paths — this section is only about the plugin path.

The public repository layer is straightforward. ClawHub is the canonical discovery surface for community plugins and many skills listings, and OpenClaw can install plugins from ClawHub, npm, local paths, local archives, and supported marketplaces. For bare package names, OpenClaw checks ClawHub first and falls back to npm automatically. That alone answers one of the common ecosystem questions: yes, there is a public repository story, but it is split between the official registry layer and npm.

The install and removal lifecycle is also clearer than the ecosystem chatter makes it sound. The CLI supports listing, inspecting, enabling, disabling, uninstalling, doctoring, and updating plugins. Config changes require a gateway restart, although the default openclaw gateway path may auto-restart after a config write lands. In practice, temporary removal is disable, hard removal is uninstall, and validation failures are designed to fail closed instead of leaving half-installed state behind.

The commands you actually need are simple:

openclaw plugins list
openclaw plugins inspect <id>
openclaw plugins install <package>
openclaw plugins enable <id>
openclaw plugins disable <id>
openclaw plugins uninstall <id>
openclaw gateway restart

Those commands are the stable part. The interesting parts are the safety rails around them. OpenClaw recommends pinned versions for plugin installs, uses --ignore-scripts for npm dependency installs, validates compatibility metadata such as pluginApi and minGatewayVersion before archive installs, and ships a built-in dangerous-code scanner with a break-glass override named --dangerously-force-unsafe-install. That is a more serious security posture than many agent ecosystems currently offer.

One subtle detail is worth calling out. ClawHub install counts are useful, but they are not absolute ecosystem census numbers. The documentation says install counts are computed when logged-in users run clawhub sync, and stale roots stop counting after 120 days. That makes ClawHub usage counters directionally useful, especially for ranking, but not a universal measure of actual adoption.

Maturity, support, and security reality

The maturity story is split in two. First-party bundled plugins are the safest default because they live inside the main OpenClaw release train, share the same compatibility model, and benefit from a very large public core repository footprint. At crawl time, the main openclaw/openclaw repository showed roughly 359k GitHub stars, which is the strongest public popularity signal anywhere in this ecosystem. Community plugins can absolutely be useful, but they are not all equal and they do not inherit that maturity automatically.

OpenClaw’s own community-plugin page is refreshingly blunt about the quality bar. The project asks for a public GitHub repository, working installation through openclaw plugins install, setup and usage docs, and active maintenance. Low-effort wrappers, unclear ownership, or unmaintained packages may be declined. That tells you a lot about where the team has already seen ecosystem failure.

Security is the part where opinion should replace hype. The docs themselves say to treat OpenClaw plugin installs like running code. ClawHub exposes moderation hooks, stars, comments, and usage signals, and the broader OpenClaw security response has moved toward stronger package scrutiny. The team announced VirusTotal scanning for all ClawHub skills, and independent security research documented malicious ClawHub campaigns and large-scale insecure credential handling in early 2026. Those incidents were centered on OpenClaw skills and skill-style listings, not every native plugin path, but they are still the correct backdrop for evaluating the whole installable ecosystem. The lesson is simple: the extension perimeter — config, OpenClaw extensions directories, and anything you install from a registry — is now part of the attack surface.

A second, more nuanced security point is that safer ecosystems still produce false positives. OpenClaw’s dangerous-code scanner is heuristic, and public plugin maintainers have already had to react to scanner warnings and installation friction. That is not a sign that the scanner is wrong to exist. It is a sign that “scanner clean” and “safe” are not identical concepts, and that human review still matters for nontrivial plugins.

Useful plugins worth tracking right now

What follows is the pragmatic list, not the maximal list. For bundled first-party plugins that do not have standalone repos, the popularity metric below uses the OpenClaw core repo star count as the proxy. For community plugins, the popularity metric uses the canonical public GitHub repo star count visible at crawl time.

Tools and web access

browser
URL: https://docs.openclaw.ai/tools/browser
This is the default serious-tool plugin because it gives the agent a managed isolated browser profile and an attach-to-user-browser mode when logged-in human sessions matter. That is more useful than another generic web search wrapper. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
firecrawl
URL: https://docs.openclaw.ai/tools/firecrawl
Firecrawl is useful because it can act as a web_search provider, expose explicit firecrawl_search and firecrawl_scrape tools, and serve as a web_fetch fallback for JS-heavy or anti-bot pages. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
tavily
URL: https://docs.openclaw.ai/tools/tavily
Tavily is still one of the cleaner structured-search options because it exposes both search and extraction and is explicitly optimized for LLM consumption. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
exa
URL: https://docs.openclaw.ai/tools/exa-search
Exa is the best fit when you want hybrid search modes plus extraction in one provider without immediately jumping to browser automation. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.

Integrations and collaboration

matrix
URL: https://docs.openclaw.ai/channels/matrix
Matrix is one of the more complete bundled collaboration plugins because it already supports DMs, rooms, threads, media, reactions, polls, location, and E2EE through matrix-js-sdk. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
msteams
URL: https://docs.openclaw.ai/channels/msteams
Teams matters because it is one of the few enterprise channels with a real first-party path, including Azure Bot setup, tenant credentials, default webhook shape, and group-chat policy controls. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
wecom
URL: https://github.com/WecomTeam/wecom-openclaw-plugin
WeCom is one of the stronger community channel plugins because it is officially maintained by the Tencent WeCom team and supports direct messages, group chats, streaming replies, proactive messaging, and both Bot and Agent operating modes. Popularity: about 365 GitHub stars.
openclaw-discourse
URL: https://github.com/pranciskus/discourse-openclaw
Discourse is a good example of a plugin that is small but useful. It focuses on searching, reading, filtering, finding unanswered topics, and optionally writing back to the forum, which is exactly what support and community workflows need. Popularity: about 10 GitHub stars.

A side note here is that Slack is less interesting in a plugins article than many people expect, because Slack is already treated as a built-in channel surface in current OpenClaw documentation and marketing copy. Teams and WeCom are more revealing plugin picks because they show where external or bundled channel ownership still matters visibly.

Memory and context

memory-lancedb
URL: https://docs.openclaw.ai/tools/plugin
This is the practical long-session memory pick in the bundled set. OpenClaw describes it as an install-on-demand long-term memory plugin with auto-recall and capture, selected through plugins.slots.memory. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
memory-wiki
URL: https://docs.openclaw.ai/plugins/memory-wiki
memory-wiki is not a replacement memory backend. It is a companion plugin that compiles durable memory into a navigable wiki with provenance, contradictions, dashboards, and wiki-native search and apply tools. That makes it more useful for knowledge maintenance than raw recall alone. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
lossless-claw
URL: https://github.com/Martian-Engineering/lossless-claw
This is probably the most important community memory-context plugin right now. It replaces sliding-window compaction with DAG-based summarization that preserves full conversation history while keeping active context inside token limits. Popularity: about 4.3k GitHub stars.
memos-cloud
URL: https://github.com/MemTensor/MemOS-Cloud-OpenClaw-Plugin
MemOS Cloud is noteworthy because it treats memory as a lifecycle plugin, recalling context before execution and saving results after each run. That makes it closer to persistent memory infrastructure than a note store. Popularity: about 339 GitHub stars.

Model providers and harnesses

openai
URL: https://docs.openclaw.ai/providers/openai
The OpenAI provider remains useful mostly because OpenClaw separates direct API access via openai/* from ChatGPT or Codex OAuth via openai-codex/*, which avoids a lot of confusion around billing and runtime path. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
anthropic
URL: https://docs.openclaw.ai/providers/anthropic
Anthropic is useful because OpenClaw supports both API keys and Claude CLI reuse, while still documenting API keys as the clearest long-lived gateway path. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
openrouter
URL: https://docs.openclaw.ai/providers/openrouter
OpenRouter is the pragmatic aggregation plugin. It gives a single endpoint and API key for many models and defaults onboarding to openrouter/auto, which makes it operationally convenient even if it is not the most opinionated route. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
google
URL: https://docs.openclaw.ai/providers/google
Google is more than just another text provider in OpenClaw. The plugin also brings image generation, media understanding, and web search via Gemini Grounding. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
codex
URL: https://docs.openclaw.ai/plugins/codex-harness
The bundled Codex harness is useful when you want the Codex app-server to own the low-level session, thread resume, compaction, and execution path, while OpenClaw still owns channels and visible transcripts. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.

Dev workflows and observability

openclaw-codex-app-server
URL: https://github.com/pwrdrvr/openclaw-codex-app-server
This is one of the clearest community dev-workflow wins. It binds a chat to a Codex App Server thread and exposes chat-native controls for resume, planning, review, model selection, and compaction. Popularity: about 193 GitHub stars.
@opik/opik-openclaw
URL: https://github.com/comet-ml/opik-openclaw
Opik is the clean observability plugin pick. It exports LLM spans, tool spans, sub-agent spans, usage, and cost metadata to Opik, and it has visible release cadence and public docs. Popularity: about 453 to 459 GitHub stars.
manifest
URL: https://github.com/mnfst/manifest/tree/main/packages/openclaw-plugin
Manifest matters because it combines model routing and observability in one plugin, intercepting requests to score and route them while recording costs and timings. It is one of the bigger public projects in the ecosystem, though it has also had public friction around scanner warnings and onboarding noise. Popularity: about 4.3k GitHub stars.

Voice agents and multi-step workflows

voice-call
URL: https://docs.openclaw.ai/plugins/voice-call
This is the useful voice plugin, not the flashy one. It supports outbound calls, multi-turn conversations, inbound call policies, and current providers including Twilio, Telnyx, Plivo, and a mock transport. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.
webhooks
URL: https://docs.openclaw.ai/plugins/webhooks
The Webhooks plugin is the most underrated workflow plugin because it lets trusted systems such as Zapier, n8n, CI jobs, or internal services create and drive TaskFlows over authenticated HTTP routes. It is much less glamorous than AI orchestration marketing, but much closer to how teams actually automate work. Popularity: bundled first-party plugin, proxy metric 359k core repo stars.

Lead generation, CRM, and email-calendar automation

This is the part of the ecosystem where restraint is healthy. Based on the public packages and repositories I could verify, OpenClaw has promising native plugin experiments for Google Workspace and Google Calendar, and there are early CRM-oriented packages in the wider ecosystem, but the public popularity signals are still very small. tensorfold/openclaw-google-workspace presented an all-in-one Gmail, Calendar, Drive, Contacts, Tasks, and Sheets plugin but showed 0 GitHub stars. alefsolutions/openclaw-google-calendar also showed 0 GitHub stars. crm-skills-openclaw existed publicly with HubSpot and Salesforce direction, but it is a skill-oriented repo rather than a mature native plugin, and it showed about 1 GitHub star. That does not make these projects useless. It makes them early.

There is also an interesting social-and-growth plugin direction. SendIt exposes publishing, analytics, campaigns, inbox, CRM, and workflow tools through an OpenClaw plugin plus a bundled skill pack. Publicly, though, the repo still showed 0 GitHub stars at crawl time. The honest reading is that this category is promising, but not yet popular enough to call mature.

So the practical conclusion for lead generation and business automation is mildly unromantic. OpenClaw’s strongest plugin-native wins today are still web access, memory, routing, channels, voice, and observability. For CRM-heavy or inbox-heavy workflows, the real-world path is still often a mix of Webhooks, a provider or browser plugin, and skills or API bridges rather than one dominant plugin package. That pattern is visible in the public ecosystem itself, and it maps directly to the plugin and skill stacks described in the OpenClaw production setup guide.

Bottom line

The useful OpenClaw plugin ecosystem today is less about novelty than about operational leverage. The boring picks are still the right picks: browser, firecrawl, tavily, memory-lancedb, memory-wiki, voice-call, webhooks, and the bundled provider plugins for OpenAI, Anthropic, Google, OpenRouter, and Codex. On the community side, lossless-claw, @opik/opik-openclaw, openclaw-codex-app-server, manifest, and wecom are the clearest public packages with visible utility and public traction.

When you later evaluate OpenClaw skills on the same registries, use the same hygiene as for plugins (pin versions, read manifests, treat scanning as directional). See the OpenClaw skills guide for per-role stacks and a security checklist. For extension directories, keep workspace plugin roots intentional and use allowlists when you cannot trust every path on disk.

The opinionated read is this. OpenClaw already has a serious native plugin platform, and extension directories give you predictable places to stage that code. Skills widen what you can publish without always widening what runs with full plugin privileges. The part that deserves trust right now is still the runtime plumbing layer for native plugins, not the long tail of business-ops demos. If you want a useful baseline rather than an aspirational one, that is the line to hold.

For how these plugin choices map to real user types and production workflows, see OpenClaw production setup patterns.