Install
openclaw skills install npm-registrynpm
Search packages, inspect registry metadata, review download stats, and check advisories in npm - powered by ClawLink.
npm
Work with npm from chat - search packages, inspect metadata, review download stats, and check registry health or advisories.
Powered by ClawLink, an integration hub for OpenClaw that handles hosted connection flows and credentials so you don't need to configure npm API access yourself.
Quick start
- Install the verified ClawLink plugin:
openclaw plugins install clawhub:clawlink-plugin - Start a fresh OpenClaw chat if the plugin was just installed and ClawLink tools are not visible yet
- If ClawLink is not configured, call
clawlink_begin_pairing - Tell the user to open the returned pairing URL, sign in to ClawLink if needed, and approve the device
- After the user confirms approval, call
clawlink_get_pairing_status - Tell the user to connect npm at claw-link.dev/dashboard?add=npm
- When the user confirms npm is connected, call
clawlink_list_integrationsand thenclawlink_list_toolswith thenpmintegration slug
Setup details
Installing the plugin
If the ClawLink plugin is not installed yet, tell the user to run:
openclaw plugins install clawhub:clawlink-plugin
If the current chat started before the plugin was installed and ClawLink tools are still unavailable, tell the user to start a fresh chat so OpenClaw reloads the plugin tool catalog.
Pairing ClawLink
If ClawLink reports that the plugin is not configured, the plugin has not been paired with the user's ClawLink account yet.
- Call
clawlink_begin_pairing. - Tell the user to open the returned pairing URL in their browser.
- The user signs in to ClawLink if needed and approves the OpenClaw device.
- After the user confirms approval, call
clawlink_get_pairing_statusto finish local setup.
The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to claw-link.dev. The user should not paste raw credentials into chat.
Connecting npm
Tell the user to open https://claw-link.dev/dashboard?add=npm and connect npm there. The page opens the add-connection panel filtered to npm. ClawLink's hosted page runs the npm provider connection flow. When they confirm it is done, call clawlink_list_integrations to verify, then call clawlink_list_tools with integration npm.
Using npm tools
ClawLink provides tools dynamically based on what the user has connected. You do not need to know tool names or schemas in advance.
Discovery
- Call
clawlink_list_integrationsto confirm npm is connected. - Call
clawlink_list_toolswith integrationnpm. - Treat the returned list as the source of truth. Do not guess or assume what tools exist.
- If the user describes a capability but the exact tool is unclear, call
clawlink_search_toolswith a short query and integrationnpm. - If no npm tools appear, direct the user to https://claw-link.dev/dashboard?add=npm.
Execution
- Call
clawlink_describe_toolbefore using an unfamiliar tool, before any write, or when the request is ambiguous. - Use the returned schema,
whenToUse,askBefore,safeDefaults,examples, andfollowups. - Prefer search, package metadata, download metrics, and advisory reads before account-changing operations.
- For writes or anything marked as requiring confirmation, call
clawlink_preview_toolfirst, then confirm with the user. - Execute with
clawlink_call_tool. - If it fails, report the real error. Do not invent results or restate the failure as a missing capability unless the live catalog supports that conclusion.
What you can do
Typical npm tasks (actual availability depends on the user's connected account, permissions, scopes, and current ClawLink tool catalog):
- Search the npm registry for packages
- Inspect package metadata, versions, and registry changes
- Review package download counts for points in time or date ranges
- Check security advisories and registry incidents
- Inspect overall registry status and metadata
Rules
- Always use ClawLink tools for npm. Do not ask the user for separate npm credentials.
- Do not claim a capability is missing without checking the live ClawLink catalog in the current turn.
- Do not invent slash commands or ask the user to paste raw credentials.
- Ask for confirmation before deleting tokens or making account-changing actions.
- If npm is not connected, direct the user to https://claw-link.dev/dashboard?add=npm.
- Never echo or repeat the user's ClawLink credential.
Resources
- ClawLink: https://claw-link.dev
- ClawLink Docs: https://docs.claw-link.dev/openclaw
- ClawLink Verification: https://claw-link.dev/verify
- ClawLink Source: https://github.com/hith3sh/clawlink
- npm Docs: https://docs.npmjs.com/