docs/plugins/bundles.md
OpenClaw can install plugins from three external ecosystems: Codex, Claude, and Cursor. These are called bundles - content and metadata packs that OpenClaw maps into native features like skills, hooks, and MCP tools.
<Info> Bundles are **not** the same as native OpenClaw plugins. Native plugins run in-process and can register any capability. Bundles are content packs with selective feature mapping and a narrower trust boundary. </Info>Many useful plugins are published in Codex, Claude, or Cursor format. Instead of requiring authors to rewrite them as native OpenClaw plugins, OpenClaw detects these formats and maps their supported content into the native feature set. You can install a Claude command pack or a Codex skill bundle and use it immediately.
# Archive
openclaw plugins install ./my-bundle.tgz
# Claude marketplace
openclaw plugins marketplace list <source>
openclaw plugins install <plugin> --marketplace <source>
```
`<source>` is a local marketplace path/repo or a git/GitHub source.
Bundles show `Format: bundle` plus a `Bundle format:` value of `codex`,
`claude`, or `cursor`.
Mapped features (skills, hooks, MCP tools, LSP defaults) are available in the next session.
Not every bundle feature runs in OpenClaw today. Here is what works and what is detected but not yet wired.
| Feature | How it maps | Applies to |
|---|---|---|
| Skill content | Bundle skill roots load as normal OpenClaw skills | All formats |
| Commands | commands/ and .cursor/commands/ treated as skill roots | Claude, Cursor |
| Hook packs | OpenClaw-style HOOK.md + handler.ts layouts | Codex |
| MCP tools | Bundle MCP config merged into embedded OpenClaw settings; supported stdio and HTTP servers loaded | All formats |
| LSP servers | Claude .lsp.json and manifest-declared lspServers merged into embedded OpenClaw LSP defaults | Claude |
| Settings | Claude settings.json imported as embedded OpenClaw defaults | Claude |
commands/ roots are treated as additional skill roots..cursor/commands/ roots are treated as additional skill roots.Claude markdown command files and Cursor command markdown both work through the normal OpenClaw skill loader.
Bundle hook roots work only when they use the normal OpenClaw hook-pack
layout: HOOK.md plus handler.ts or handler.js. Today this is primarily
the Codex-compatible case.
mcpServers.coding and messaging tool profiles include bundle MCP tools by
default; use tools.deny: ["bundle-mcp"] to opt out for an agent or gateway.listTools() order changes do not thrash prompt-cache tool blocks.MCP servers can use stdio or HTTP transport.
Stdio launches a child process:
{
"mcp": {
"servers": {
"my-server": {
"command": "node",
"args": ["server.js"],
"env": { "PORT": "3000" }
}
}
}
}
HTTP connects to a running MCP server, defaulting to sse unless
streamable-http is requested:
{
"mcp": {
"servers": {
"my-server": {
"url": "http://localhost:3100/mcp",
"transport": "streamable-http",
"headers": {
"Authorization": "Bearer ${MY_SECRET_TOKEN}"
},
"connectionTimeoutMs": 30000
}
}
}
}
transport accepts "streamable-http" or "sse"; omitted defaults to sse.type: "http" is a CLI-native downstream shape; use transport: "streamable-http" in OpenClaw config. openclaw mcp set and openclaw doctor --fix normalize the common alias.http: and https: URL schemes are allowed.headers values support ${ENV_VAR} interpolation.command and url is rejected.connectionTimeoutMs overrides the default 30-second connection timeout for
both stdio and HTTP transports. Request timeout defaults to 60 seconds and
can be overridden with requestTimeoutMs.OpenClaw registers bundle MCP tools with provider-safe names in the form
serverName__toolName. For example, a server keyed "vigil-harbor" exposing a
memory_search tool registers as vigil-harbor__memory_search.
A-Za-z0-9_- are replaced with -.12306 become provider-safe tool prefixes.mcp.bundle-mcp, so profile allow/deny lists can reference
either individual exposed tool names or the bundle-mcp plugin key.Claude settings.json is imported as default embedded OpenClaw settings when
the bundle is enabled. OpenClaw sanitizes shell override keys before applying
them:
shellPathshellCommandPrefix.lsp.json plus any manifest-declared lspServers paths.openclaw plugins inspect <id>.These are recognized and shown in diagnostics, but OpenClaw does not run them:
agents, hooks/hooks.json automation, outputStyles.cursor/agents, .cursor/hooks.json, .cursor/rules.app.json metadata beyond capability reportingOptional content: `skills/`, `hooks/`, `.mcp.json`, `.app.json`
Codex bundles fit OpenClaw best when they use skill roots and OpenClaw-style
hook-pack directories (`HOOK.md` + `handler.ts`).
- **Manifest-based:** `.claude-plugin/plugin.json`
- **Manifestless:** default Claude layout (`skills/`, `commands/`, `agents/`, `hooks/`, `.mcp.json`, `.lsp.json`, `settings.json`)
Claude-specific behavior:
- `commands/` is treated as skill content
- `settings.json` is imported into embedded OpenClaw settings (shell override keys are sanitized)
- `.mcp.json` exposes supported stdio tools to embedded OpenClaw
- `.lsp.json` plus manifest-declared `lspServers` paths load into embedded OpenClaw LSP defaults
- `hooks/hooks.json` is detected but not executed
- Custom component paths in the manifest are additive; they extend defaults, not replace them
Optional content: `skills/`, `.cursor/commands/`, `.cursor/agents/`, `.cursor/rules/`, `.cursor/hooks.json`, `.mcp.json`
- `.cursor/commands/` is treated as skill content
- `.cursor/rules/`, `.cursor/agents/`, and `.cursor/hooks.json` are detect-only
OpenClaw checks for native plugin format first:
openclaw.plugin.json or a valid package.json with openclaw.extensions - treated as a native plugin.codex-plugin/, .claude-plugin/, or default Claude/Cursor layout) - treated as a bundleIf a directory contains both, OpenClaw uses the native path. This prevents dual-format packages from being partially installed as bundles.
npm install repair. They
should be installed through openclaw plugins install and ship everything
they need in the installed plugin directory.openclaw doctor --fix removes stale local bundled-plugin install records
and can recover downloadable plugins that are missing from the local plugin
index when config still references them.Bundles have a narrower trust boundary than native plugins:
This makes bundles safer by default, but you should still treat third-party bundles as trusted content for the features they do expose.