Requirements
- an OpenClaw checkout or installation with the
openclawCLI available - network access to the selected source (ClawHub, npm, or a git host)
- any plugin-specific credentials, config keys, or OS tools named by that plugin’s setup docs
- permission for the Gateway that serves your channels to reload or restart
Quick start
1
Find the plugin
Search ClawHub for public plugin packages:ClawHub is the primary discovery surface for community plugins. During the
launch cutover, ordinary bare package specs still install from npm unless
they match an official plugin id. Raw
@openclaw/* specs that match a
bundled plugin resolve to that bundled copy. Use an explicit source prefix
when you need one source specifically.2
Install the plugin
npm-pack:, or marketplace sources require
--force in noninteractive installs after you
review and trust the source.3
Configure and enable it
Configure plugin-specific settings under If
plugins.entries.<id>.config.
Enable the plugin if it is not already enabled:plugins.allow is set, the installed plugin id must be in that list
before the plugin can load. openclaw plugins install adds the installed
id to an existing plugins.allow list and removes the same id from
plugins.deny so the explicit install can load after restart.4
Let the Gateway reload
Installing, updating, or uninstalling plugin code requires a Gateway
restart. A managed Gateway with config reload enabled detects the changed
plugin install record and restarts automatically. Otherwise, restart it
yourself:Enable/disable update config and the cold registry. A runtime inspect is
still the clearest proof of live runtime surfaces.
5
Verify runtime registration
--runtime to prove registered tools, hooks, services, Gateway
methods, or plugin-owned CLI commands. Plain inspect is a cold manifest
and registry check only.Configuration
Choose an install source
Bare package specs have special compatibility behavior: a bare name that
matches a bundled plugin id uses that bundled source; a bare name that matches
an official external plugin id uses the official package catalog; any other
bare spec installs through npm during the launch cutover. Raw
@openclaw/*
specs that match bundled plugins also resolve to the bundled copy before npm
fallback. Use npm:@openclaw/<plugin>@<version> to deliberately install the
external npm package instead of the bundled copy. Use clawhub:, npm:,
git:, or npm-pack: for deterministic source selection. See
openclaw plugins for the full command contract.
For npm installs, unpinned specs and @latest choose the newest stable
package that advertises compatibility with this OpenClaw build. If npm’s
current latest release declares a newer openclaw.compat.pluginApi or
openclaw.install.minHostVersion than this build supports, OpenClaw scans
older stable versions and installs the newest one that fits. Exact versions
and explicit channel tags such as @beta stay pinned to the selected package
and fail when incompatible.
Operator install policy
Configuresecurity.installPolicy to run a trusted local policy command
before a plugin install or update proceeds. The policy receives metadata plus
the staged source path and can allow or block the install. It covers both CLI
and Gateway-backed install/update paths. Plugin before_install hooks run
later, and only in OpenClaw processes where plugin hooks are loaded, so use
security.installPolicy for operator-owned install decisions instead. The
deprecated --dangerously-force-unsafe-install flag is accepted for
compatibility but is a no-op: it does not bypass install policy or OpenClaw’s
built-in plugin dependency denylist.
See Skills config
for the shared security.installPolicy exec schema used by both skills and
plugins.
Configure plugin policy
The common plugin config shape is:plugins.enabled: falsedisables all plugins and skips discovery/load work. Stale plugin references stay inert while this is active; re-enable plugins before running doctor cleanup if you want stale ids removed.plugins.denywins over allow and per-plugin enablement.plugins.allowis an exclusive allowlist. Plugin-owned tools outside the allowlist stay unavailable even whentools.allowincludes"*".plugins.entries.<id>.enabled: falsedisables one plugin while keeping its config.plugins.load.pathsadds explicit local plugin files or directories. Managedplugins installlocal paths must be plugin directories or archives; useplugins.load.pathsfor standalone plugin files.- Workspace-origin plugins are disabled by default; explicitly enable or allowlist them before using local workspace code.
- Bundled plugins follow their built-in default-on/default-off metadata unless config explicitly overrides it.
plugins.slots.<slot>(memoryorcontextEngine) picks one plugin for an exclusive category. Slot selection counts as explicit activation and force-enables the selected plugin for that slot, even if it would otherwise be opt-in.plugins.denyandplugins.entries.<id>.enabled: falsestill block it.- Bundled opt-in plugins can auto-activate when config names one of their owned surfaces, such as a provider/model ref, channel config, CLI backend, or agent harness runtime.
- OpenAI-family Codex routing keeps provider and runtime plugin boundaries
separate: legacy Codex model refs are legacy config that doctor repairs,
while the bundled
codexplugin owns Codex app-server runtime for canonicalopenai/*agent refs, explicitagentRuntime.id: "codex", and legacycodex/*refs.
plugins.allow is unset and non-bundled plugins are auto-discovered from
the workspace or global plugin roots, startup logs
plugins.allow is empty; discovered non-bundled plugins may auto-load: ...
with the discovered plugin ids and, for short lists, a minimal plugins.allow
snippet. Run openclaw plugins list --enabled --verbose
or openclaw plugins inspect <id> on the listed
plugin id before copying trusted plugins into openclaw.json. The same
trust-pinning applies when diagnostics say a plugin loaded
without install/load-path provenance: inspect that plugin id, then pin it in
plugins.allow or reinstall from a trusted source so OpenClaw records install
provenance.
Run openclaw doctor or openclaw doctor --fix when config validation
reports stale plugin ids, allowlist/tool mismatches, or legacy bundled plugin
paths.
Understand plugin formats
OpenClaw recognizes two plugin formats:
Both formats appear in
openclaw plugins list, openclaw plugins inspect,
openclaw plugins enable, and openclaw plugins disable. See
Plugin bundles for the bundle compatibility boundary and
Building plugins for native plugin authoring.
Plugin hooks
Plugins can register hooks at runtime through two different APIs:api.on(...)typed hooks for runtime lifecycle events. This is the preferred surface for middleware, policy, message rewriting, prompt shaping, and tool control.api.registerHook(...)for the internal hook system described in Hooks. This is mainly for coarse command/lifecycle side effects and compatibility with existing HOOK-style automation.
command:new,
command:reset, message:sent, or similar coarse events, api.registerHook
is fine.
Plugin-managed internal hooks show up in openclaw hooks list with
plugin:<id>. You cannot enable or disable them through openclaw hooks;
enable or disable the plugin instead.
Verify the active Gateway
openclaw plugins list and plain openclaw plugins inspect read cold config,
manifest, and registry state. They do not prove that an already-running
Gateway has imported the same plugin code.
When a plugin appears installed but live chat traffic does not use it:
openclaw gateway run child that
serves your channels, not only a wrapper or supervisor.
Troubleshooting
When stale plugin config still names a no-longer-discoverable channel plugin,
config validation downgrades that channel key to a warning instead of a hard
failure, so Gateway startup can still serve every other channel. Run
openclaw doctor --fix to remove stale plugin and channel entries. Unknown
channel keys without stale-plugin evidence still fail validation so typos
stay visible.
For intentional channel replacement, the preferred plugin should declare
channelConfigs.<channel-id>.preferOver with the legacy or lower-priority
plugin id. If both plugins are explicitly enabled, OpenClaw keeps that request
and reports duplicate channel/tool diagnostics instead of silently choosing
one owner.
If an installed package reports that it requires compiled runtime output for TypeScript entry ..., the package was published without the JavaScript files
OpenClaw needs at runtime. Update or reinstall after the publisher ships
compiled JavaScript, or disable/uninstall the plugin until then.
Blocked plugin path ownership
If diagnostics sayblocked plugin candidate: suspicious ownership (... uid=1000, expected uid=0 or root)
and validation follows with plugin present but blocked, OpenClaw found
plugin files owned by a different Unix user than the process loading them.
Keep the plugin config in place; fix the filesystem ownership or run OpenClaw
as the same user that owns the state directory.
For Docker installs, the official image runs as node (uid 1000), so the
host bind-mounted OpenClaw config and workspace directories should normally be
owned by uid 1000:
openclaw doctor --fix or
openclaw plugins registry --refresh so the persisted plugin registry
matches the repaired files.
Slow plugin tool setup
If agent turns appear to stall while preparing tools, enable trace logging and check for plugin tool factory timing lines:Related
- Manage plugins - command examples for list, install, update, uninstall, and publish
openclaw plugins- full CLI reference- Plugin inventory - generated bundled and external plugin list
- Plugin reference - generated per-plugin reference pages
- Community plugins - ClawHub discovery and docs PR policy
- Plugin dependency resolution - install roots, registry records, and runtime boundaries
- Building plugins - native plugin authoring guide
- Plugin SDK overview - runtime registration, hooks, and API fields
- Plugin manifest - manifest and package metadata