openclaw-superpowers

56 ready-to-use skills that make your AI agent autonomous, self-healing, and self-improving.

A plug-and-play skill library for OpenClaw — the open-source AI agent runtime. Gives your agent structured thinking, security guardrails, persistent memory, cron scheduling, self-recovery, and the ability to write its own new skills during conversation.

Built for developers who want their AI agent to run autonomously 24/7, not just respond to prompts in a chat window.

Inspired by obra/superpowers. Extended for agents that never sleep.

Why this exists

Most AI agent frameworks give you a chatbot that forgets everything between sessions. OpenClaw is different — it runs persistently, handles multi-hour tasks, and has native cron scheduling. But out of the box, it doesn't know how to use those capabilities well.

openclaw-superpowers bridges that gap. Install 56 skills in one command, and your agent immediately knows how to:

Think before it acts — brainstorming, planning, and systematic debugging skills prevent the "dive in and break things" failure mode
Protect itself — 6 security skills detect prompt injection, block dangerous actions, audit installed code, and scan for leaked credentials
Run unattended — 12 cron-scheduled skills handle memory cleanup, health checks, budget tracking, and community monitoring while you sleep
Recover from failures — self-recovery, loop-breaking, and task handoff skills keep long-running work alive across crashes and restarts
Never forget — DAG-based memory compaction, integrity checking, context scoring, and SQLite session persistence ensure the agent preserves critical information even in month-long conversations
Improve itself — the agent can write new skills during normal conversation using create-skill, encoding your preferences as permanent behaviors

The self-modifying agent

This is what makes openclaw-superpowers different from every other plugin library:

"Every time I do a code review, check for security issues first."

Your agent invokes create-skill, writes a new SKILL.md, and that behavior is live — immediately, permanently, no restart needed. The agent encodes your preferences as durable skills. You describe what you want. It teaches itself.

The community-skill-radar skill takes this further: it scans Reddit every 3 days for pain points and feature requests from the OpenClaw community, scores them by signal strength, and writes a prioritized PROPOSALS.md — so the agent (or you) always knows what to build next.

Quickstart

git clone https://github.com/ArchieIndian/openclaw-superpowers ~/.openclaw/extensions/superpowers
cd ~/.openclaw/extensions/superpowers && ./install.sh
openclaw gateway restart

install.sh symlinks all 56 skills, creates state directories for stateful skills, and registers cron jobs — everything in one step. That's it. Your agent now has superpowers.

Important: install does not force behavior

Installing these skills does not guarantee that OpenClaw will follow using-superpowers or any other skill on every turn.

Why:

SOUL.md and AGENTS.md are prompt inputs, not hard enforcement.
Skills are exposed as available capabilities, and the model decides whether to read and apply them.
Changes to installed skills are safest to validate in a fresh OpenClaw session.

For best results:

Start a new OpenClaw session after installation.

Verify the skill is eligible:

openclaw skills list --eligible
openclaw skills info using-superpowers

Put mandatory operating rules in AGENTS.md, not only SOUL.md.
Keep AGENTS.md and SOUL.md concise so they are less likely to be truncated.

If you need deterministic behavior:

Move critical workflow rules into AGENTS.md.
Use OpenClaw hooks or plugins to enforce behavior at runtime.
Do not rely on SOUL.md alone to force deterministic skill execution.

Skills included

Core (17 skills)

Methodology skills that work in any AI agent runtime. Adapted from obra/superpowers plus new additions for skill quality assurance.

Skill	What it does	Script
`using-superpowers`	Bootstrap — teaches the agent how to find and invoke skills	—
`brainstorming`	Structured ideation before any implementation	—
`writing-plans`	Clear, reviewable implementation plans	—
`executing-plans`	Executes plans step-by-step with verification	—
`systematic-debugging`	4-phase root cause process before any fix	—
`verification-before-completion`	Ensures tasks are done, not just attempted	—
`test-driven-development`	Red-green-refactor discipline	—
`subagent-driven-development`	Parallel subagent execution for complex tasks	—
`create-skill`	Writes new skills during conversation	—
`skill-vetting`	Security scanner for ClawHub skills before installing	`vet.sh`
`project-onboarding`	Crawls a new codebase to generate a `PROJECT.md` context file	`onboard.py`
`fact-check-before-trust`	Secondary verification pass for factual claims before acting on them	—
`skill-trigger-tester`	Scores a skill's description against sample prompts to predict trigger reliability	`test.py`
`skill-conflict-detector`	Detects name shadowing and description-overlap conflicts between installed skills	`detect.py`
`skill-portability-checker`	Validates OS/binary dependencies in companion scripts; catches non-portable calls	`check.py`
`pull-request-feedback-loop`	Handles PR review comments as grouped, verified fix loops	—
`skill-effectiveness-auditor`	Reviews whether a skill will trigger reliably and guide useful behavior	—

OpenClaw-Native (38 skills)

Skills that require OpenClaw's persistent runtime — cron scheduling, session state, or long-running execution. These are the skills that make a 24/7 autonomous agent actually work reliably.

Skill	What it does	Cron	Script
`long-running-task-management`	Breaks multi-hour tasks into checkpointed stages with resume	every 15 min	—
`persistent-memory-hygiene`	Keeps the agent's memory store clean and useful over time	daily 11pm	—
`task-handoff`	Gracefully hands off incomplete tasks across agent restarts	—	—
`agent-self-recovery`	Detects when the agent is stuck in a loop and escapes	—	—
`context-window-management`	Prevents context overflow on long-running sessions	—	—
`daily-review`	End-of-day structured summary and next-session prep	weekdays 6pm	—
`morning-briefing`	Daily briefing: priorities, active tasks, pending handoffs	weekdays 7am	`run.py`
`secrets-hygiene`	Audits installed skills for stale credentials and orphaned secrets	Mondays 9am	`audit.py`
`workflow-orchestration`	Chains skills into resumable named workflows with on-failure conditions	—	`run.py`
`quality-gate-orchestrator`	Tracks required validation gates and reports completion readiness	—	`gate.py`
`context-budget-guard`	Estimates context usage and triggers compaction before overflow	—	`check.py`
`prompt-injection-guard`	Detects injection attempts in external content before the agent acts	—	`guard.py`
`spend-circuit-breaker`	Tracks API spend against a monthly budget; pauses crons at 100%	every 4h	`check.py`
`dangerous-action-guard`	Requires explicit user confirmation before irreversible actions	—	`audit.py`
`loop-circuit-breaker`	Detects infinite retry loops from deterministic errors and breaks them	—	`check.py`
`workspace-integrity-guardian`	Detects drift or tampering in SOUL.md, AGENTS.md, MEMORY.md	Sundays 3am	`guard.py`
`multi-agent-coordinator`	Manages parallel agent fleets: health checks, consistency, handoffs	—	`run.py`
`cron-hygiene`	Audits cron skills for session mode waste and token efficiency	Mondays 9am	`audit.py`
`channel-context-bridge`	Writes a context card at session end for seamless channel switching	—	`bridge.py`
`skill-doctor`	Diagnoses silent skill discovery failures — YAML errors, path violations, schema mismatches	—	`doctor.py`
`installed-skill-auditor`	Weekly post-install audit of all skills for injection, credentials, and drift	Mondays 9am	`audit.py`
`skill-loadout-manager`	Named skill profiles to manage active skill sets and prevent system prompt bloat	—	`loadout.py`
`skill-compatibility-checker`	Checks installed skills against the current OpenClaw version for feature compatibility	—	`check.py`
`heartbeat-governor`	Enforces per-skill execution budgets for cron skills; auto-pauses runaway skills	every hour	`governor.py`
`community-skill-radar`	Scans Reddit for OpenClaw pain points and feature requests; writes prioritized PROPOSALS.md	every 3 days	`radar.py`
`memory-graph-builder`	Parses MEMORY.md into a knowledge graph; detects duplicates, contradictions, stale entries	daily 10pm	`graph.py`
`config-encryption-auditor`	Scans config directories for plaintext API keys, tokens, and world-readable permissions	Sundays 9am	`audit.py`
`openclaw-config-advisor`	Diagnoses provider, fallback, channel, MCP, and gateway config issues	—	`advise.py`
`tool-description-optimizer`	Scores skill descriptions for trigger quality — clarity, specificity, keyword density — and suggests rewrites	—	`optimize.py`
`mcp-health-checker`	Monitors MCP server connections for health, latency, and availability; detects stale connections	every 6h	`check.py`
`memory-dag-compactor`	Builds hierarchical summary DAGs from MEMORY.md with depth-aware prompts (d0 leaf → d3+ durable)	daily 11pm	`compact.py`
`large-file-interceptor`	Detects oversized files, generates structural exploration summaries, stores compact references	—	`intercept.py`
`context-assembly-scorer`	Scores how well current context represents full conversation; detects blind spots	every 4h	`score.py`
`compaction-resilience-guard`	Monitors compaction for failures; enforces normal → aggressive → deterministic fallback chain	—	`guard.py`
`memory-integrity-checker`	Validates summary DAGs for orphans, circular refs, token inflation, broken lineage	Sundays 3am	`integrity.py`
`session-persistence`	Imports session transcripts into SQLite with FTS5 full-text search; queryable message history	every 15 min	`persist.py`
`dag-recall`	Walks the memory DAG to recall detailed context on demand — query, expand, and assemble cited answers	—	`recall.py`
`expansion-grant-guard`	YAML-based delegation grant ledger — scoped permission grants with token budgets and auto-expiry	—	`guard.py`

Community (1 skill)

Skills written by agents and contributors. Any agent can add a community skill via create-skill.

Skill	What it does	Cron	Script
`obsidian-sync`	Syncs OpenClaw memory to an Obsidian vault nightly	daily 10pm	`sync.py`

Security & guardrails

Six skills form a defense-in-depth security layer for autonomous agents:

Threat	Skill	How it works
Malicious skill installs	`skill-vetting`	Pre-install scanner with 6 security flags — rates SAFE / CAUTION / DO NOT INSTALL
Prompt injection from external content	`prompt-injection-guard`	Detects 6 injection signal types at runtime; blocks on 2+ signals
Agent takes destructive action without asking	`dangerous-action-guard`	Pre-execution confirmation gate with 5-min expiry and full audit trail
Post-install tampering or credential injection	`installed-skill-auditor`	Weekly SHA-256 drift detection; checks for INJECTION / CREDENTIAL / EXFILTRATION
Silent skill loading failures	`skill-doctor`	6 diagnostic checks per skill; surfaces every load-time failure
Plaintext secrets in config files	`config-encryption-auditor`	Scans for 8 API key patterns + 3 token patterns; auto-fixes permissions

How it compares

Feature	openclaw-superpowers	obra/superpowers	Custom prompts
Skills included	56	8	0
Self-modifying (agent writes new skills)	Yes	No	No
Cron scheduling	16 scheduled skills	No	No
Persistent state across sessions	YAML state schemas	No	No
Security guardrails	6 defense-in-depth skills	No	No
Companion scripts with CLI	25 scripts	No	No
Memory graph / knowledge graph	Yes	No	No
SQLite session persistence + FTS5 search	Yes	No	No
Sub-agent recall with token-budgeted grants	Yes	No	No
MCP server health monitoring	Yes	No	No
API spend tracking & budget enforcement	Yes	No	No
Community feature radar (Reddit scanning)	Yes	No	No
Multi-agent coordination	Yes	No	No
Works with 24/7 persistent agents	Built for it	Session-only	Session-only

Architecture

~/.openclaw/extensions/superpowers/
├── skills/
│   ├── core/                    # 17 methodology skills (any runtime)
│   │   ├── brainstorming/
│   │   │   └── SKILL.md
│   │   ├── create-skill/
│   │   │   ├── SKILL.md
│   │   │   └── TEMPLATE.md
│   │   └── ...
│   ├── openclaw-native/         # 38 persistent-runtime skills
│   │   ├── memory-graph-builder/
│   │   │   ├── SKILL.md             # Skill definition + YAML frontmatter
│   │   │   ├── STATE_SCHEMA.yaml    # State shape (committed, versioned)
│   │   │   ├── graph.py             # Companion script
│   │   │   └── example-state.yaml   # Annotated example
│   │   └── ...
│   └── community/               # Agent-written and contributed skills
├── scripts/
│   └── validate-skills.sh       # CI validation
├── tests/
│   └── test-runner.sh
└── install.sh                   # One-command setup

State model: Each stateful skill commits a STATE_SCHEMA.yaml defining the shape of its runtime data. At install time, install.sh creates ~/.openclaw/skill-state/<skill-name>/state.yaml on your machine. The schema is portable and versioned; the runtime state is local-only and never committed.

Companion scripts

Skills marked with a script ship a small executable alongside their SKILL.md:

25 Python scripts (run.py, audit.py, check.py, guard.py, bridge.py, onboard.py, sync.py, doctor.py, loadout.py, governor.py, detect.py, test.py, radar.py, graph.py, optimize.py, compact.py, intercept.py, score.py, integrity.py, persist.py, recall.py, advise.py, gate.py) — run directly to manipulate state, generate reports, or trigger actions. No extra dependencies; pyyaml is optional but recommended.
vet.sh — Pure bash scanner; runs on any system with grep.
Every script supports --help and --format json. Dry-run mode available on scripts that make changes.
See the example-state.yaml in each skill directory for sample state and a commented walkthrough of cron behaviour.

Use cases

Solo developer with a persistent AI agent

Install superpowers, and your agent handles memory cleanup, security audits, and daily briefings on autopilot. You focus on building; the agent maintains itself.

Team running multiple OpenClaw agents

Use multi-agent-coordinator for fleet health checks, skill-loadout-manager to keep system prompts lean per agent role, and heartbeat-governor to prevent runaway cron costs.

Open-source maintainer

community-skill-radar scans Reddit for pain points automatically. skill-vetting catches malicious community contributions before they're installed. installed-skill-auditor detects post-install tampering.

Security-conscious deployment

Six defense-in-depth skills: pre-install vetting, runtime injection detection, destructive action gates, post-install drift detection, credential scanning, and silent failure diagnosis.

Contributing

Open a Skill Proposal issue — or just ask your agent to write one using create-skill
Run ./scripts/validate-skills.sh
Submit a PR — CI validates automatically
Community skills may be promoted to core over time

Credits

openclaw/openclaw — the open-source AI agent runtime
obra/superpowers — Jesse Vincent's skills framework; core skills adapted under MIT license
OpenLobster — inspiration for memory graph, config encryption auditing, tool-description scoring, and MCP health monitoring
lossless-claw — inspiration for DAG-based memory compaction, session persistence, sub-agent recall, and delegation grants

installed-skill-auditor