Skip to content

feat(clawhub): add full LLM tool integration + CLI (RMN-300)#1432

Closed
klampatech wants to merge 1197 commits intozeroclaw-labs:masterfrom
klampatech:feat/clawhub-llm-integration
Closed

feat(clawhub): add full LLM tool integration + CLI (RMN-300)#1432
klampatech wants to merge 1197 commits intozeroclaw-labs:masterfrom
klampatech:feat/clawhub-llm-integration

Conversation

@klampatech
Copy link
Copy Markdown
Contributor

@klampatech klampatech commented Feb 22, 2026
edited by chumyin
Loading

Linear: RMN-300

Summary

  • Base branch target: main
  • Problem:
    • Telegram channel caused MiniMax 500 errors due to [IMAGE: markers in system prompt being incorrectly parsed as image references
    • ClawHub install tool was incomplete (only showed preview, didn't actually install)
    • No uninstall tool available for LLM use
    • CLI search didn't show install commands
  • Why it matters: ClawHub skill management was broken for LLM agents and Telegram
  • What changed:
    • Full clawhub_install tool implementation with download, audit, install
    • New clawhub_uninstall tool for LLM use
    • Fixed Telegram channel media marker format to avoid parsing conflicts
    • Updated CLI search to display install commands
    • Fixed observability config (stdout → none)
  • What did not change: Core ClawHub API client, search tool behavior

Label Snapshot

  • Risk label (risk: low|medium|high): medium
  • Size label (size: XS|S|M|L|XL): M
  • Scope labels: skills, channel:telegram, tool
  • Module labels: tool:clawhub, channel:telegram

Change Metadata

  • Change type (bug|feature|refactor|docs|security|chore): feature
  • Primary scope (runtime|provider|channel|memory|security|ci|docs|multi): tool

Validation Evidence

cargo fmt --all -- --check  # Pass
cargo clippy --all-targets -- -D warnings  # Pre-existing warnings (not from changes)
cargo test --lib  # Pass (2829 tests)
  • Evidence: All tests pass, manual testing verified:
    • CLI clawhub search shows install commands
    • CLI clawhub install works
    • CLI clawhub uninstall works
    • LLM can search, install, and uninstall skills via tools
    • Telegram works without 500 errors

Security Impact

  • New permissions/capabilities? No
  • New external network calls? No (uses existing ClawHub API)
  • Secrets/tokens handling changed? No
  • File system access scope changed? No (writes to workspace/skills, same as before)

Compatibility / Migration

  • Backward compatible? Yes
  • Config/env changes? Only user config (changed stdout to none)
  • Migration needed? No

Human Verification

  • Verified scenarios: CLI search/install/uninstall, LLM tool calls, Telegram messaging
  • Edge cases: Already-installed skills, non-existent skills
  • What was not verified: ClawHub auth (login/whoami)

Side Effects / Blast Radius

  • Affected subsystems: Skills, Telegram channel, CLI
  • Potential unintended effects: None
  • Guardrails: Security audit runs before any install

Rollback Plan

  • Fast rollback command: git revert HEAD
  • Feature flags or config toggles: None
  • Observable failure symptoms: Missing tools, Telegram errors

Risks and Mitigations

  • Risk: LLM might install malicious skills
    • Mitigation: Security audit runs on all skills before install

Summary by CodeRabbit

Release Notes

  • New Features

    • ClawHub skill marketplace integration with search, install, and uninstall capabilities
    • New CLI commands for managing and discovering skills
    • Enhanced skill configuration and registry system

  • Bug Fixes

    • Fixed Telegram markdown code-block rendering
    • Corrected Telegram notification logging behavior

@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 22, 2026

Thanks for contributing to ZeroClaw.

For faster review, please ensure:

  • PR template sections are fully completed
  • cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test are included
  • If automation/agents were used heavily, add brief workflow notes
  • Scope is focused (prefer one concern per PR)

See CONTRIBUTING.md and docs/pr-workflow.md for full collaboration rules.

@github-actions github-actions bot added core Auto scope: root src/*.rs files changed. channel Auto scope: src/channels/** changed. config Auto scope: src/config/** changed. onboard Auto scope: src/onboard/** changed. skills Auto scope: src/skills/** changed. tool Auto scope: src/tools/** changed. size: XL Auto size: >1000 non-doc changed lines. risk: high Auto risk: security/runtime/gateway/tools/workflows. provider Auto scope: src/providers/** changed. config: core Auto module: config core files changed. onboard: wizard Auto module: onboard/wizard changed. skills: core Auto module: skills core files changed. and removed config Auto scope: src/config/** changed. onboard Auto scope: src/onboard/** changed. skills Auto scope: src/skills/** changed. labels Feb 22, 2026
@klampatech
Copy link
Copy Markdown
Contributor Author

klampatech commented Feb 22, 2026

Updated PR Details

Validation Evidence

cargo fmt --all -- --check       # Pass
cargo clippy --all-targets -- -D warnings  # Pass (pre-existing warnings only)
cargo test --lib                 # Pass (2829 tests)

Manual Testing Evidence:

  • CLI clawhub search - Shows install commands ✅
  • CLI clawhub install <slug> - Successfully installs skills ✅
  • CLI clawhub uninstall <slug> - Successfully uninstalls ✅
  • LLM clawhub_search tool - Returns skills with slug ✅
  • LLM clawhub_install tool - Downloads, audits, installs ✅
  • LLM clawhub_uninstall tool - Removes skills ✅
  • Telegram - No 500 errors (verified with MiniMax) ✅

Security Impact

  • New permissions/capabilities? No
  • New external network calls? No (uses existing ClawHub API)
  • Secrets/tokens handling changed? No
  • File system access scope changed? No (writes to workspace/skills)

Privacy Status

  • Data-hygiene status: pass
  • No personal data, sensitive info, or identity-like wording

Rollback Plan

  • Fast rollback: git revert HEAD
  • No feature flags
  • Failure symptoms: Missing tools, Telegram errors

Note on Target Branch

This PR targets main because the changes include bug fixes (Telegram 500 error) that are needed in production. The dev branch has diverged significantly and would require conflict resolution. If preferred, I can rebase onto dev.

@github-actions github-actions bot added agent Auto scope: src/agent/** changed. config Auto scope: src/config/** changed. gateway Auto scope: src/gateway/** changed. onboard Auto scope: src/onboard/** changed. skills Auto scope: src/skills/** changed. and removed provider Auto scope: src/providers/** changed. agent Auto scope: src/agent/** changed. config Auto scope: src/config/** changed. gateway Auto scope: src/gateway/** changed. onboard Auto scope: src/onboard/** changed. skills Auto scope: src/skills/** changed. skills: core Auto module: skills core files changed. labels Feb 22, 2026
klampatech and others added 29 commits March 5, 2026 10:22
@klampatech @claude @theonlyhennygod
feat(clawhub): add types module with ClawHubSkill, SearchResult, and …
bd43439 
…InstalledSkill structs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add module documentation and re-export types
6728dfe 
- Add module-level documentation to clawhub integration
- Re-export types for cleaner public API
- Fix serialization: change stars and total from i32 to u32

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add API client with search, get_skill, get_user methods
eb59629 
Implements ClawHubClient for interacting with clawhub.ai API.
- search(): search skills by query with limit
- get_skill(): get skill metadata by slug
- get_user(): get authenticated user info

Includes tests for default and custom API URL configuration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add skill downloader and local registry
71fdc47 
- Add SkillDownloader for fetching skill content from GitHub raw URLs
- Add Registry for tracking installed ClawHub skills locally
- Both modules include inline unit tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(config): add ClawHub configuration section
c196fae 
Add ClawHubConfig struct to schema with:
- api_url: ClawHub API URL (default: https://clawhub.ai)
- auto_update: Auto-update installed clawhub skills on agent start

Add clawhub field to main Config struct.
Add ClawHubConfig to config module exports.
Update all Config initializations in tests and wizard.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add CLI commands for clawhub
3df1400 
Add CLI commands for managing ClawHub skills:
- search: Search for skills on ClawHub
- install: Install a skill from ClawHub
- uninstall: Uninstall a skill
- list: List installed skills
- update: Update all installed skills
- inspect: Show skill details
- login: Login to ClawHub
- whoami: Show current user

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add LLM tools for clawhub search and install
0cd4c80 
Add two new tools:
- clawhub_search: Search for skills on ClawHub by query
- clawhub_install: Get info about a skill by slug (install placeholder)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @theonlyhennygod
feat(clawhub): add skills README update functionality
cf76327
@klampatech @theonlyhennygod
fix(clawhub): update API types to match actual ClawHub responses
650cbd2 
- Update SearchResult to use 'results' field from API
- Add SkillDetail, SkillInfo, SkillStats, LatestVersion, SkillOwner types
- Fix client to use correct API endpoints (/api/search, /api/skill?slug=)
- Convert API responses to internal ClawHubSkill format
- Update CLI and tools to use new client methods
@klampatech @theonlyhennygod
fix(clawhub): use 'clawhub' instead of 'claw-hub' as command name
75eb510
@klampatech @theonlyhennygod
feat(clawhub): implement full install and uninstall flow
0aad66d 
- Add full install: download, security audit, save to skills dir
- Add uninstall: remove skill directory and update registry
- Make skills::audit module accessible from clawhub
- Fix command name to use 'clawhub' instead of 'claw-hub'
@klampatech @theonlyhennygod
feat(clawhub): register clawhub tools in tool registry
db29765 
- Add ClawhubSearchTool and ClawhubInstallTool to all_tools
- Tools available to LLM for autonomous skill discovery and installation
@klampatech @theonlyhennygod
fix(clawhub): add From<SearchResultItem> impl for ClawHubSkill
3a41066
@klampatech @claude @theonlyhennygod
feat(clawhub): add full LLM tool integration + fix Telegram 500 error
953b5ea 
- Implement full clawhub_install tool (downloads, audits, installs skills)
- Add clawhub_uninstall tool for LLM use
- Fix Telegram channel causing MiniMax 500 errors (image marker parsing)
- Update CLI search to show install commands
- Downgrade ACK reaction warnings to debug level
- Fix observability config (stdout -> none)

- src/tools/clawhub_install.rs: Full implementation
- src/tools/clawhub_uninstall.rs: New tool
- src/channels/mod.rs: Fix Telegram media marker format
- src/channels/telegram.rs: Debug-level reaction warnings
- src/clawhub/cli.rs: Show install command in search
- config: Change observability backend to "none"

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix: address remaining clippy warnings in new code
5e33a85 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix(clippy): resolve all clippy warnings in clawhub files
db475d6 
- Remove unused PathBuf import
- Fix format! in format! args using writeln!
- Fix cast_possible_truncation using try_into()
- Fix ignored_unit_patterns using () explicitly
- Add std::fmt::Write imports where needed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix(clawhub): check HTTP status before downloading skill content
9ad6ff2 
Previously the downloader would silently write 404 error pages as SKILL.md
content when skills didn't have the required file in their repository.
This adds explicit HTTP status checking to fail with a clear error
message instead.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix(clawhub): support master branch fallback for skill downloads
31ca1b9 
Some repos use 'master' instead of 'main' branch. This adds:
- readme_url_master field to ClawHubSkill
- download_skill_with_fallback method that tries main first, then master CLI to use the fallback
- Updated download method

Also fixes HTTP 404 error handling to fail gracefully.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add config option for download fallback and better err…
18d809a 
…or handling

- Add download_fallback config option for skills hosted on ClawHub backend
- Add zip extraction support for Convex-hosted skill downloads
- Improve error messages when GitHub download fails
- Show helpful guidance about ClawHub-hosted skills

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
feat(clawhub): add default Convex fallback URL for ClawHub-hosted skills
a469eaf 
- Add default download_fallback URL pointing to ClawHub's Convex backend
- Wire up config loading in CLI to use fallback URL
- Now skills like 'github' that are hosted on ClawHub's backend install correctly

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix(clawhub): read config fallback URL in install tool
db54479 
The clawhub_install tool was ignoring the download_fallback config
and only trying GitHub URLs. This caused 404 errors for skills
hosted on ClawHub's Convex backend.

Now the tool:
- Reads clawhub.download_fallback from config
- Uses download_skill_with_zip_fallback() (tries GitHub main,
  then master, then falls back to zip URL)
- Provides helpful error messages about backend-hosted skills

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @theonlyhennygod
ci: trigger fresh build
3d307c0
@klampatech @claude @theonlyhennygod
fix(clawhub): address CodeRabbit review feedback
744f259 
- Add URL encoding for search and get_skill API calls
- Add HTTP status checking before JSON parsing in all API methods
- Add slug validation to prevent path traversal attacks
- Add version parameter rejection (not yet supported)
- Add limit clamping (1-100) for search results
- Improve downloader error messages to be more specific
- Fix README link paths in update_skills_readme
- Fix handle_whoami misleading token message
- Improve zip extraction to handle nested folders

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix: resolve regex parsing errors and missing test field
45692e8 
- Convert raw string literals to r#""# syntax to fix Rust 2021 brace-quote
  parsing issues in leak_detector.rs (e.g., {20,}" was misinterpreted)
- Add missing serde::Deserialize import for WatiVerifyQuery in gateway
- Add missing wati field to AppState test initializations
- Add #[allow(unused_imports)] for security module exports

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@klampatech @claude @theonlyhennygod
fix: resolve CodeRabbit review comments
61c2bb9 
- Registry: add warning on parse/read errors instead of silently dropping data
- Registry: update name and source_url when updating existing skills
- Channels: restore ClawdTalkConfig re-export for backward compatibility
- Channels: fix find slice coercion for MSRV compatibility

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@chumyin @theonlyhennygod
chore: refresh head for legacy promotion-check cleanup (zeroclaw-labs…
43450bc 
…#1432)
@chumyin @theonlyhennygod
chore: trigger intake checks for RMN-300
e86e635
@chumyin @theonlyhennygod
docs(plan): disable MD036 in ClawHub implementation plan
aaca619
@chumyin @theonlyhennygod
chore(ci): retrigger checks after queued-run cancellation
97dfb30
@theonlyhennygod
Copy link
Copy Markdown
Collaborator

theonlyhennygod commented Mar 20, 2026

Closing — the core ClawHub integration is already on master. ScoutSource::ClawHub is recognized in the skillforge subsystem (src/skillforge/scout.rs) and listed as a default source. If there are additional CLI commands or tool routing features beyond what's implemented, please open a focused follow-up PR. Thank you for the foundational work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theonlyhennygod theonlyhennygod theonlyhennygod left review comments

@chumyin chumyin Awaiting requested review from chumyin

@willsarg willsarg Awaiting requested review from willsarg

@JordanTheJet JordanTheJet Awaiting requested review from JordanTheJet JordanTheJet is a code owner

+1 more reviewer

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@theonlyhennygod theonlyhennygod

@chumyin chumyin

Labels

agent: loop Auto module: agent/loop changed. channel Auto scope: src/channels/** changed. config: core Auto module: config core files changed. core Auto scope: root src/*.rs files changed. dependencies Auto scope: dependency manifest/lock/policy changed. docs Auto scope: docs/markdown/template files changed. gateway: api Auto module: gateway/api changed. onboard: wizard Auto module: onboard/wizard changed. provider Auto scope: src/providers/** changed. risk: high Auto risk: security/runtime/gateway/tools/workflows. security: leak_detector Auto module: security/leak_detector changed. size: XL Auto size: >1000 non-doc changed lines. skills: audit Auto module: skills/audit changed. tool Auto scope: src/tools/** changed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@klampatech @jadams777 @chumyin @theonlyhennygod @gh-xj @killf @Preventnetworkhacking @JordanTheJet