mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-05 19:20:22 +00:00
docs: refresh plugin install and marketplace refs
This commit is contained in:
Peter Steinberger
@@ -62,6 +62,7 @@ openclaw plugins install <package> --dangerously-force-unsafe-install
|
||||
openclaw plugins install <path> # local path
|
||||
openclaw plugins install <plugin>@<marketplace> # marketplace
|
||||
openclaw plugins install <plugin> --marketplace <name> # marketplace (explicit)
|
||||
openclaw plugins install <plugin> --marketplace https://github.com/<owner>/<repo>
|
||||
```
|
||||
|
||||
Bare package names are checked against ClawHub first, then npm. Security note:
|
||||
@@ -71,6 +72,10 @@ treat plugin installs like running code. Prefer pinned versions.
|
||||
plugin or hook pack in place. Use it when you are intentionally reinstalling
|
||||
the same id from a new local path, archive, ClawHub package, or npm artifact.
|
||||
|
||||
`--pin` applies to npm installs only. It is not supported with `--marketplace`,
|
||||
because marketplace installs persist marketplace source metadata instead of an
|
||||
npm spec.
|
||||
|
||||
`--dangerously-force-unsafe-install` is a break-glass option for false positives
|
||||
in the built-in dangerous-code scanner. It allows the install to continue even
|
||||
when the built-in scanner reports `critical` findings, but it does **not**
|
||||
@@ -135,6 +140,7 @@ Use `--marketplace` when you want to pass the marketplace source explicitly:
|
||||
```bash
|
||||
openclaw plugins install <plugin-name> --marketplace <marketplace-name>
|
||||
openclaw plugins install <plugin-name> --marketplace <owner/repo>
|
||||
openclaw plugins install <plugin-name> --marketplace https://github.com/<owner>/<repo>
|
||||
openclaw plugins install <plugin-name> --marketplace ./my-marketplace
|
||||
```
|
||||
|
||||
@@ -143,11 +149,12 @@ Marketplace sources can be:
|
||||
- a Claude known-marketplace name from `~/.claude/plugins/known_marketplaces.json`
|
||||
- a local marketplace root or `marketplace.json` path
|
||||
- a GitHub repo shorthand such as `owner/repo`
|
||||
- a GitHub repo URL such as `https://github.com/owner/repo`
|
||||
- a git URL
|
||||
|
||||
For remote marketplaces loaded from GitHub or git, plugin entries must stay
|
||||
inside the cloned marketplace repo. OpenClaw accepts relative path sources from
|
||||
that repo and rejects external git, GitHub, URL/archive, and absolute-path
|
||||
that repo and rejects HTTP(S), absolute-path, git, GitHub, and other non-path
|
||||
plugin sources from remote manifests.
|
||||
|
||||
For local paths and archives, OpenClaw auto-detects:
|
||||
@@ -288,5 +295,6 @@ openclaw plugins marketplace list <source> --json
|
||||
```
|
||||
|
||||
Marketplace list accepts a local marketplace path, a `marketplace.json` path, a
|
||||
GitHub shorthand like `owner/repo`, or a git URL. `--json` prints the resolved
|
||||
source label plus the parsed marketplace manifest and plugin entries.
|
||||
GitHub shorthand like `owner/repo`, a GitHub repo URL, or a git URL. `--json`
|
||||
prints the resolved source label plus the parsed marketplace manifest and
|
||||
plugin entries.
|
||||
|
||||
@@ -410,11 +410,17 @@ openclaw plugins install @myorg/openclaw-my-plugin
|
||||
```
|
||||
|
||||
OpenClaw tries ClawHub first and falls back to npm automatically. You can also
|
||||
force a specific source:
|
||||
force ClawHub explicitly:
|
||||
|
||||
```bash
|
||||
openclaw plugins install clawhub:@myorg/openclaw-my-plugin # ClawHub only
|
||||
openclaw plugins install npm:@myorg/openclaw-my-plugin # npm only
|
||||
```
|
||||
|
||||
There is no matching `npm:` override. Use the normal npm package spec when you
|
||||
want the npm path after ClawHub fallback:
|
||||
|
||||
```bash
|
||||
openclaw plugins install @myorg/openclaw-my-plugin
|
||||
```
|
||||
|
||||
**In-repo plugins:** place under the bundled plugin workspace tree and they are automatically
|
||||
|
||||
@@ -44,6 +44,14 @@ openclaw plugins install openclaw-codex-app-server
|
||||
Native `openclaw` commands install into your active workspace and persist source
|
||||
metadata so later `update` calls can stay on ClawHub.
|
||||
|
||||
Plugin installs validate advertised `pluginApi` and `minGatewayVersion`
|
||||
compatibility before archive install runs, so incompatible hosts fail closed
|
||||
early instead of partially installing the package.
|
||||
|
||||
`openclaw plugins install clawhub:...` only accepts installable plugin families.
|
||||
If a ClawHub package is actually a skill, OpenClaw stops and points you at
|
||||
`openclaw skills install <slug>` instead.
|
||||
|
||||
## What ClawHub is
|
||||
|
||||
- A public registry for OpenClaw skills and plugins.
|
||||
@@ -102,6 +110,10 @@ Native `openclaw skills install` installs into the active workspace `skills/`
|
||||
directory. `openclaw plugins install clawhub:...` records a normal managed
|
||||
plugin install plus ClawHub source metadata for updates.
|
||||
|
||||
Anonymous ClawHub plugin installs also fail closed for private packages.
|
||||
Community or other non-official channels can still install, but OpenClaw warns
|
||||
so operators can review source and verification before enabling them.
|
||||
|
||||
The separate `clawhub` CLI also installs skills into `./skills` under your
|
||||
current working directory. If an OpenClaw workspace is configured, `clawhub`
|
||||
falls back to that workspace unless you override `--workdir` (or
|
||||
|
||||
@@ -217,6 +217,7 @@ openclaw plugins install <spec> --force # overwrite existing install
|
||||
openclaw plugins install <path> # install from local path
|
||||
openclaw plugins install -l <path> # link (no copy) for dev
|
||||
openclaw plugins install <plugin> --marketplace <source>
|
||||
openclaw plugins install <plugin> --marketplace https://github.com/<owner>/<repo>
|
||||
openclaw plugins install <spec> --pin # record exact resolved npm spec
|
||||
openclaw plugins install <spec> --dangerously-force-unsafe-install
|
||||
openclaw plugins update <id> # update one plugin
|
||||
@@ -239,6 +240,9 @@ plugin). Other bundled plugins still need `openclaw plugins enable <id>`.
|
||||
It is not supported with `--link`, which reuses the source path instead of
|
||||
copying over a managed install target.
|
||||
|
||||
`--pin` is npm-only. It is not supported with `--marketplace`, because
|
||||
marketplace installs persist marketplace source metadata instead of an npm spec.
|
||||
|
||||
`--dangerously-force-unsafe-install` is a break-glass override for false
|
||||
positives from the built-in dangerous-code scanner. It allows plugin installs
|
||||
and plugin updates to continue past built-in `critical` findings, but it still
|
||||
@@ -258,6 +262,12 @@ directories.
|
||||
`openclaw plugins inspect <id>` also reports detected bundle capabilities plus
|
||||
supported or unsupported MCP and LSP server entries for bundle-backed plugins.
|
||||
|
||||
Marketplace sources can be a Claude known-marketplace name from
|
||||
`~/.claude/plugins/known_marketplaces.json`, a local marketplace root or
|
||||
`marketplace.json` path, a GitHub shorthand like `owner/repo`, a GitHub repo
|
||||
URL, or a git URL. For remote marketplaces, plugin entries must stay inside the
|
||||
cloned marketplace repo and use relative path sources only.
|
||||
|
||||
See [`openclaw plugins` CLI reference](/cli/plugins) for full details.
|
||||
|
||||
## Plugin API overview
|
||||
|
||||
Reference in New Issue
Block a user