Analysis & Commentary
Agent Ecosystems
← Home
March 2026
Field Report No. 1
Plugin Economies

The Power Law of Agent Plugins: What OpenClaw Tells Us About the Future of AI Extensions

A data-driven analysis of the OpenClaw skill ecosystem, what dominates, why, and what every major plugin market in history says will happen next.

Based on live ClawHub data · 31,399 skills analysed · Top 50 by downloads
01 /
What is OpenClaw

A New Kind of Platform

OpenClaw is an extension framework for AI agents, specifically, for Claude-based agents running in agentic environments like Clawdbot. Think of it as a plugin system where the host application is not a browser, a CMS, or an IDE, but an AI agent itself. Skills are plain-text instruction files that tell the agent how to behave in a given context: how to use a CLI tool, how to connect to an API, how to manage memory, how to improve itself.

The skill registry, ClawHub, is the distribution layer. As of March 2026, it hosts 31,399 skills with public download and star counts, which makes it one of the first agent plugin markets to have enough data to analyse seriously.

Technical definition

An OpenClaw skill is a Markdown file with structured sections: a trigger condition (when the agent should use it), a set of instructions, and optional metadata. When installed, the skill is injected into the agent's context window at the appropriate moment. This is fundamentally different from traditional plugins: there is no compiled code, no API surface, and no runtime dependency, just structured natural language that modifies the agent's reasoning.

This has an interesting implication: the bottleneck for skill quality is not engineering but clarity. The best skills are not the most technically complex, they are the most precisely written. As we will see, this creates a very different competitive dynamic from software plugin markets that came before.

Total skills
31,399
on ClawHub as of Mar 2026
Top skill downloads
275k
self-improving-agent by @pskoett
Median top-50 downloads
~16k
vs #1 at 275k, 17× gap
Platform age
<1 yr
early-market dynamics fully intact
02 /
The Most Popular Skills

Who Dominates, and Why

To understand what comes next, it helps to look at what has already played out. The top 50 skills by download count reveal patterns that are both distinctive to this market and deeply familiar from analogous ones.

The power law in raw form

Download distributions in plugin ecosystems are not normally distributed. They are not even mildly skewed. They follow what mathematicians call a power law, a mathematical relationship where a small number of items accumulate a wildly disproportionate share of total value, and each successive rank earns dramatically less than the one above it.

In a power law distribution, the frequency of an item as a function of its rank follows: f(r) = C · r−α, where r is the rank and α (alpha) is the exponent that determines how steep the drop-off is. The OpenClaw data shows a very steep alpha, meaning the drop from #1 to #10 is far more severe than in, say, the App Store, which has years of long-tail accumulation to moderate the curve.

Fig. 01 Power law distribution, top 50 OpenClaw skills by downloads

The steep initial drop, from 275k at rank 1 to 97k at rank 3, is characteristic of an immature power-law market where the distribution has not yet been moderated by time and long-tail accumulation. Note how the curve flattens around rank 20, creating a dense cluster in the 15k–25k range.

The top three skills alone, self-improving-agent, ontology, and Self-Improving + Proactive Agent, account for roughly 495,000 downloads. That is more than all skills ranked 11–50 combined. Not unusual for a young market: the WordPress plugin ecosystem looked nearly identical in 2007.

The thematic map

Grouping the top 50 by use case rather than rank makes the picture clearer. The market has not yet found equilibrium across all categories, some are saturated with competing skills, while others are winner-take-all.

Fig. 02 Aggregate downloads by category, top 50 skills

Agent meta/self-improvement dominates by a large margin, driven almost entirely by the top 3 skills. The "image, audio & video" category has the most skills (8) but comparatively modest aggregate downloads, suggesting fragmentation without a dominant player.

Stars versus downloads: the quality signal problem

Raw download counts are a noisy signal, and always have been. In every mature plugin market, npm, WordPress, Chrome Extensions, download inflation through bots, CI pipelines, and programmatic installs eventually degrades the metric's usefulness. Stars, which require a deliberate human choice, are more signal-dense.

The ratio of stars to downloads is a simple way to tell whether people who installed a skill actually cared about it. A healthy ratio sits above 0.5%. Two skills in the top 50, Polymarket (#13) and Post Job (#29), have ratios below 0.05%, suggesting their download counts may be inflated by programmatic or incentivised installs.

Fig. 03 Stars vs downloads, quality signal divergence

Skills above the diagonal trend line have unusually high star rates, genuine user love. Skills below it have anomalously few stars for their download count. The two lowest-ratio outliers (Polymarket, Post Job) warrant scrutiny.

03 /
Historical Analogues

We Have Seen This Before

Every major software platform that opened a plugin layer went through roughly the same sequence: an initial explosion of creator activity, a rapid power-law consolidation, a quality crisis, and then a maturation phase defined by monetisation and platform-level curation. OpenClaw is early in step one. Understanding how that sequence plays out is probably the most useful thing a skill creator can know right now.

"The question is not whether OpenClaw will follow the pattern. It is how fast it will move through each phase, and which skills will survive the transitions."

The WordPress Plugin Ecosystem (2005–2012): the closest structural analogue

WordPress plugins are the closest comparison to OpenClaw skills. Both are plain-text layers sitting on top of a larger platform. Both have almost no barrier to publishing. And both reward credentialed, prolific creators with distribution advantages that compound over time.

The numbers tell the story clearly. WordPress introduced its plugin architecture in May 2004. An official directory launched in 2006. By the end of 2011 that directory had 10,000 plugins. By early 2013, 20,000. Total downloads crossed 1 billion in 2014 and the directory passed 50,000 plugins by 2017. The growth was exponential in the early years, then began flattening as the platform matured and started pruning low-quality entries. OpenClaw at 31,399 skills is somewhere between WordPress's 2012 and 2013 levels in raw count terms, suggesting the consolidation phase is closer than it looks.

In WordPress's first three years or so, a handful of authors, Automattic insiders, Joost de Valk (Yoast SEO), Carl Hancock (Gravity Forms), built positions in the top 20 that held for five years. The meta-plugin pattern was already visible by 2007: SEO plugins, caching plugins, and security plugins dominated because they made WordPress itself more capable rather than adding a single feature. Yoast SEO is now active on over 10 million sites. It did not solve a specific problem, it solved the problem of WordPress's relationship to search engines generally.

@steipete on OpenClaw maps almost exactly to Joost de Valk on WordPress: a credentialed insider, prolific publisher, high version cadence, and deep integration with the platform's own roadmap. The moat is not any single skill, it is the trust signal that accretes across all of them.

Fig. 04 Historical platform analogues, structural parallels to OpenClaw
PLATFORM ERA STRONG PARALLELS KEY LESSON FOR OPENCLAW WordPress Plugins 2005–2012 • Creator dominance / trust moat • Meta-plugins win (SEO, caching, security) • Version cadence = sustained position • Power-law locked in within 2 years The top-10 list will barely change for 2–3 years. @steipete = Yoast. First-mover + trust is a near-permanent moat absent platform intervention. iOS App Store 2008–2012 • Power-law downloads from day one • Utility beats novelty long-term ⚠ Star ratings gamed early ⚠ No discovery = rich get richer Without better discovery, good new skills stay buried. ClawHub needs editorial curation or a verified tier before the long tail suffocates. Shopify App Store 2009–2021 • B2B, each install = real business revenue • Connector tier dominates (marketing, logistics) • 6,000 apps by 2021; 10,000 by 2024 • Platform absorbs best apps as native features API Gateway (#8) is the Shopify connector analogue. One skill will own this tier. And when paid skills arrive, B2B utility skills will command real fees. Chrome Extensions 2010–2016 • Security tools emerge early and stick • Creator trust = frictionless install rate ⚠ Malicious extension wave ⚠ Google crackdown reshaped market A high-profile malicious skill incident is probable. MoltGuard (#21) is early positioning for that moment. The "nonSuspicious" filter already signals it. npm Registry 2010–present • Download inflation is endemic • Stars/download ratio = the real signal ⚠ 2.5M packages, top 500 take 90% ⚠ "left-pad moment" dependency risk Downloads will be deprioritised as a metric. Platforms add "active installs" to replace them. Build for star rate, not download count.

WordPress Plugins

2005–2012
Creator dominance and trust moats; meta-plugins (SEO, caching, security) win; version cadence sustains position; power-law locked in within ~2 years.

Lesson: The top-10 list barely changes for years. First-mover plus trust is a near-permanent moat without platform intervention.

iOS App Store

2008–2012
Power-law downloads from day one; utility beats novelty; star ratings gamed early; poor discovery means the rich get richer.

Lesson: Without better discovery, good new skills stay buried. ClawHub needs curation or a verified tier before the long tail suffocates.

Shopify App Store

2009–2021
B2B installs tied to real revenue; connector tier dominates; tens of thousands of apps; platform absorbs winners as native features.

Lesson: API Gateway (#8) is the connector analogue. When paid skills arrive, B2B utility skills can command real fees.

Chrome Extensions

2010–2016
Security tools stick early; creator trust drives installs; malicious-extension waves and a Google crackdown reshaped the market.

Lesson: A high-profile malicious skill incident is plausible. MoltGuard (#21) and the nonSuspicious filter signal this arc.

npm Registry

2010–present
Download inflation is endemic; stars-to-downloads ratio is the real signal; massive long tail with extreme concentration at the top.

Lesson: Downloads get deprioritised; “active installs” style metrics replace them. Build for star rate, not raw download count.

Each historical platform offers a distinct warning. The intersection of all five is the OpenClaw trajectory: creator moats harden, discovery fails, a security incident triggers platform intervention, and monetisation reshuffles everything.

iOS, Chrome, and npm: speed, governance, inflation

The iOS App Store launched in July 2008 with 500 apps. Within a single weekend it had 10 million downloads. By September 2012, just four years in, it had 700,000 apps and 30 billion cumulative downloads. Chrome's extension gallery grew from zero to 8,500 extensions and 70 million installs in its first year, reaching 750 million total installs by mid-2012. npm, more quietly, went from nothing in 2010 to 100,000 packages and 500 million monthly downloads by 2014, and 3.3 million packages by 2019.

Each of these markets went through the same governance arc. Early: open, fast, almost no review. Middle: malicious actors exploit the openness, platform scrambles to respond. Late: stricter policies, quality floors, pruning of low-value entries. Chrome removed extensions that injected ads without user consent. Apple tightened privacy rules and killed 64-bit non-compliant apps, trimming the store from 2.2 million to 1.9 million apps. npm responded to spam and supply-chain attacks with new policy tools. The pattern is invariant. The only question for OpenClaw is how long the open phase lasts.

Shopify: the B2B template for what comes after

Shopify launched its App Store in June 2009. Growth was slow for the first few years, then exponential after 2012. By 2021 it had 6,000 apps. By 2024 it crossed 10,000, before a modest pullback as Shopify pruned underperforming entries. The key difference from every other analogue: each install on Shopify connects to a business that generates real revenue. Apps that improve conversion or reduce operational costs can justify recurring subscription fees easily, because the ROI is direct and measurable.

This is the model OpenClaw is most likely to evolve toward if it attracts professional and enterprise users. The API Gateway skill (#8) already looks like a Shopify-style connector: it sits close to the workflow that matters, it integrates external services merchants (agents, in this case) actually pay for, and it would be a natural candidate for a paid tier. When that transition happens, the ranking dynamics could shift substantially. Shopify's experience suggests that the free-to-paid transition reshuffles the top 50 faster than any other platform event.

Framework: the five-stage platform lifecycle

Strategy consultants at Bain and McKinsey have documented a consistent five-step arc across every major platform ecosystem. It maps cleanly onto OpenClaw's current moment:

01
Identify
Nail the jobs a platform does better than a standalone product. Coordinating tools, memory, workflows.
02
Build
Ship composable primitives: a packaging format, an API, a registry. OpenClaw has done this.
YOU ARE HERE
03
Seed
First-party extensions set the quality bar. @steipete's skills are the seeding layer for OpenClaw.
WATCH THIS
04
Scale + monetise
Hit critical mass, then charge where value accrues. OpenClaw has not done this yet. The window is narrowing.
05
Expand
Use distribution and data to move into adjacent verticals. This is when a platform becomes infrastructure.
direction of travel

The transition from stage 3 to stage 4 will be the single most consequential event for skill creators in the next 12 months.

The power law: why concentration is mathematically inevitable

The power law is not a quirk of one market or another. It emerges from systems with preferential attachment, where new nodes in a network are more likely to connect to already-well-connected nodes. In plugin markets the mechanism is pretty simple: users sort by popularity, install the top result, leave a star if it works, which pushes it higher in the rankings, which drives more installs. The rich get richer, not through any conspiracy, but because of how the distribution is shaped.

Mathematically, if you plot rank on the x-axis and downloads on the y-axis on a log-log scale, a pure power law gives you a straight line. The OpenClaw data is not quite a straight line yet, it is steeper at the top than a mature market, reflecting the fact that the distribution has not had time to develop a proper long tail. As more skills accumulate downloads over time, the curve will flatten and broaden. But the top of the distribution will stay compressed: the #1 skill will likely always hold a multiple of 5–20× over the median.

Theory note, Zipf's Law

Zipf's Law, a special case of the power law with α ≈ 1, states that the n-th most common item appears with frequency proportional to 1/n. Word frequencies in language, city populations, and yes, software download distributions all approximate Zipf's Law over time. The OpenClaw data currently has a steeper alpha (roughly 1.4–1.6 by estimation), consistent with a young market where the compounding effect has had less time to operate.

Implication: as the market matures, the top skill's relative dominance will actually decrease, not because it loses downloads, but because the long tail fills in. A skill at rank 200 today may have 500 downloads. In five years, the same rank may have 10,000 downloads. The power law flattens from the bottom up.

The platform commoditisation trap

The one risk that historical analogues cannot fully capture is the one most specific to AI: the underlying platform is itself improving at a rate that dwarfs any software platform in history. WordPress core improved incrementally, a new block editor here, better REST API there. The LLMs powering OpenClaw agents are on a trajectory where capabilities roughly double every 12–18 months.

This creates a kind of risk that the App Store, npm, and WordPress never had to deal with: the skills that currently occupy the top 3 positions, all agent self-improvement skills, are precisely the category the platform itself has the most incentive to absorb. If Claude 4 or 5 natively handles persistent memory, self-correction, and context management, the top 3 skills on ClawHub get deprecated by a model update. This is the equivalent of Apple folding flashlight apps into iOS, except it would happen to the highest-value category on the platform rather than a minor utility.

"The skills that are most popular today are most at risk of becoming unnecessary tomorrow. That is the central strategic tension of building on a rapidly improving platform."

Fig. 05 Predicted OpenClaw market trajectory, three phases
NOW · PHASE 1
Wild West
→ Power users dominate
→ Creator trust accretes fast
→ Meta-skills win
→ Suspicious installs rampant
→ No monetisation
→ Top 10 crystallising now
You are here
~6–18 MONTHS · PHASE 2
Quality Filter
→ Platform adds curation
→ Verified publisher tier
→ Security incident occurs
→ Active installs metric
→ Chinese market scales up
→ First paid skill experiments
Prepare now
~2–4 YEARS · PHASE 3
Consolidation
→ Paid skills / storefronts
→ Enterprise connector tier
→ M&A in skill companies
→ Platform absorbs meta-skills
→ Long tail matures
→ Creator carve-outs locked in
Position for this now

The three-phase model is consistent across all analogous markets. The transition timelines vary, Chrome took ~4 years to reach phase 2; npm still has not fully reached phase 3, but the sequence is invariant.

04 /
How to Win

The Historically Informed Playbook

Everything that follows is derived from pattern-matching against the historical analogues above, filtered through the specific dynamics of the OpenClaw data. These are not generic startup tips. Each one maps to something specific in the data.

1
Principle
Launch one thing and iterate it aggressively
The WordPress lesson is pretty clear: early prolific quality beats early prolific quantity. @steipete's weakest skills still land in the top 50 because of the reputation earned by his strongest ones. Launch your first skill properly, iterate it to 10 or more versions, then publish a second. Version count is a visible trust signal, API Gateway at 71 versions and MoltGuard at 56 are not accidents. They are deliberate reputation-building through public maintenance history.
API Gateway: 71 versions → #8 MoltGuard: 56 versions → #21 Web Search Plus: 51 versions → #25
2
Principle
Build a force multiplier, not a point solution
The top three skills do not solve a specific task. They make the agent better at solving all tasks. API Gateway does not connect to one API, it connects to 100+. Free Ride does not give you one model, it gives you all free models. The Salesforce AppExchange taught us that in professional tool ecosystems, the connector/infrastructure layer eventually becomes more valuable than any individual integration. Find the meta-problem in your category and solve that, rather than one instance of it.
Self-improving-agent: meta-cognition API Gateway: meta-connectivity Free Ride: meta-models
3
Principle
Optimise for star rate, not download count
Downloads are already showing signs of inflation in the OpenClaw data. npm took about five years to fully corrupt the download metric, and OpenClaw may get there faster given how easy programmatic installs are. Stars require an actual human to make a deliberate choice. A skill with a 0.8% star rate is 16× more trusted than one with a 0.05% star rate, and as the platform matures and adds active-install tracking (which every analogous platform has eventually done), the star-rate signal will only become more important. Tight scope, clear trigger language and reliable execution are the main levers.
Polymarket: 26.8k DL / 11 stars = 0.04% Self-improving: 275k DL / 2.5k stars = 0.91%
4
Principle
Localised markets are systematically undervalued
Five of the top 50 skills are explicitly built for Chinese users, Baidu Search (#7, 54.8k), AI PPT Generator (#19, 19.7k), Mx Stocks Screener (#31), ima skills (#42), and Tushare Pro (#48). Every historical platform market has underestimated China-specific demand until it became too large to ignore. The App Store, npm, and WordPress all developed distinct Chinese-market ecosystems years after they should have. The OpenClaw data suggests this category is currently undersupplied relative to demand. A creator with deep knowledge of any underserved regional or vertical market has a structural advantage that English-first generalist creators cannot easily replicate.
5 China-focused skills in top 50 Baidu Search: 54.8k downloads No Japanese, Korean, or EU-specific skills in top 50 yet
5
Principle
Position for the security wave before it arrives
Chrome Extensions followed a pretty predictable path: wild growth → malicious extension incident → platform crackdown → security tool demand spike. The ClawHub "nonSuspicious" filter already signals that malicious or low-quality skills are a live concern on the platform. MoltGuard's 56-version cadence and steady position in the top 25 suggests someone has already identified this opportunity. The question is not if a trust incident happens, but when. A well-maintained security or verification skill, built before the incident, will benefit enormously from the demand spike that follows it.
MoltGuard: #21, 56 versions Verified Agent Identity: #38 "nonSuspicious" filter already exists on ClawHub
6
Principle
Build for the monetisation transition now
Right now, every skill in the top 50 is free. That will not last. WordPress's free-plugin dominants lost significant ground within 18 months of the premium plugin wave beginning, Gravity Forms, WooCommerce, and Advanced Custom Fields reshaped the entire ecosystem by offering capabilities that the free tier could not. The first credible paid skill on OpenClaw will test whether users will pay, and that answer will determine the platform's ceiling. Build something people would pay for while everything is still free, so when the paid tier arrives, you are positioned rather than scrambling to retrofit a pricing model onto something designed to be free.
WordPress premium plugins: launched ~2008 Reshaped top-50 within 18 months Gravity Forms: $259/yr, millions in revenue
The central risk, and why this playbook has limits

Every principle above assumes the platform remains stable enough for skill moats to compound over time. The unique risk in OpenClaw, absent from every historical analogue, is that the underlying model is itself improving rapidly.

The self-improvement skills at #1, #2, and #3 exist because current Claude models are not natively good at persistent memory, self-correction, and structured knowledge graphs. If Claude 4 or 5 handles these natively, the top 3 skills on ClawHub are deprecated by a release note. This is not a theoretical risk, it is the central strategic tension of building on a rapidly improving AI platform.

The implication: the safest categories to build in are those that depend on external relationships the platform cannot replicate: connectors to third-party APIs, regional market knowledge, compliance and security frameworks, and domain-specific expertise. These are moats the model cannot absorb through a training run.

Fig. 06 Strategic opportunity matrix, durability vs current demand
DURABILITY (PLATFORM-PROOF)
LOW DEMAND
HIGH DURABILITY
HIGH DEMAND
HIGH DURABILITY ← WIN HERE
LOW DEMAND
LOW DURABILITY
HIGH DEMAND
LOW DURABILITY ← RIDE WAVE
API
Gateway
Chinese
market
Molt
Guard
Platform
Tooling
Office
Docs
Browser
Auto
Image
Gen
Self-
Improve
(platform risk)
CURRENT DEMAND
High priority, build here
Defensive / emerging
Ride the wave, plan exit
High demand, platform risk

High demand, high durability — win here

  • API Gateway
  • Chinese market

Low demand, high durability — defensive / emerging

  • MoltGuard
  • Platform tooling

High demand, lower durability — ride the wave

  • Office Docs
  • Browser automation
  • Image generation

High demand, platform risk

  • Self-improvement meta-skills (platform may absorb)

Same legend as desktop: solid orange = priority build; solid blue = defensive; grey = ride the wave; dashed = platform absorption risk.

The strategic sweet spot is the top-right quadrant: skills with strong current demand that are also platform-proof because they depend on external relationships (APIs, regional knowledge, compliance frameworks) the model cannot absorb through training.

Understand control points before you pick a category

One thing the Bain and McKinsey research on platform ecosystems makes clear is that the biggest long-term winners in plugin markets are not the ones who picked the most popular category. They are the ones who positioned themselves near a control point: a part of the platform stack that is hard to replicate and that many other participants depend on.

In WordPress, the control points were the official directory, the update mechanism, and the default bundled plugins (Akismet shipped with every install). In iOS, Apple owned distribution, billing, and device APIs as three interlocking control points. In npm, the central registry URL itself became a control point: everything routed through it, making certain packages critical infrastructure. In Shopify, checkout and the merchant billing relationship were the control points that made every app a complement rather than a competitor.

On OpenClaw the control points are still forming, which is exactly why now is the right time to think about them. The most defensible positions will be: the skill that owns the discovery layer (a meta-skill that manages and recommends other skills), the connector layer (the skill through which agent workflows touch external services), and the trust and verification layer (the skill that tells you which other skills are safe to run). Two of those three slots already have credible occupants. The third, discovery, is wide open.

Conclusion: this is 2007 for agent plugins

Every signal in the OpenClaw data is consistent with a market in its first 18 months. The power law is steep and still forming. Creator moats are crystallising in real time. The quality signal problem is visible already, just not critical yet. Monetisation has not arrived yet. The platform is improving faster than any analogous historical market ever did.

That combination of familiar dynamics and novel risk means the opportunity is real and the window is open, but it will not stay open long. The top-10 list in most analogous markets became nearly immutable within two to three years of launch. On OpenClaw, given the pace of the ecosystem, that window may be shorter.

The people who win will be the ones who treat this not as a novelty but as a familiar historical pattern playing out in a new context, and act with the urgency that kind of pattern recognition demands.

Data sourced from ClawHub (clawhub.ai) via live scrape, March 2026.
Top 50 skills by download count, nonSuspicious filter active.
Download figures represent cumulative installs and may include programmatic installs.
Star counts reflect deliberate user endorsements and are the preferred quality signal.
Historical comparisons draw on publicly available ecosystem data for
WordPress, Apple App Store, Shopify App Store, Chrome Extensions,
npm registry, and Bain/McKinsey platform strategy research.