❓ Frequently Asked Questions

General

What is Beepack?

Beepack is an open-source platform where developers and AIs can share, discover, and reuse APIs. Think of it as "npm for integrations, optimized for vibe coding".

Why Beepack instead of npm?

npm is great for generic packages, but Beepack is specially designed for:

• AI discovery - Semantic search, MCP protocol
• Integrations/APIs - HIVE.yaml format with capabilities
• Collaboration - Forks, PRs, issues (coming soon)

Is it free?

Yes! Beepack is open-source and free to publish and use public packages. Premium features (private packages, analytics) may be offered in the future.

What's the difference with ClawHub?

ClawHub is limited to OpenClaw skills. Beepack is designed for all vibe coders: Cursor, Copilot, Claude Code, Windsurf, etc.

Does Beepack work with OpenClaw?

Yes! Beepack is ClawHub-compatible. OpenClaw and ClawCode users can discover and install Beepack packages directly as skills using the --registry https://beepack.ai flag. Beepack exposes a /.well-known/clawhub.json discovery endpoint and a /api/v1/skills API that translates packages into the ClawHub skill format. See our MCP Integration page for details.

What are bundles?

Bundles are curated groups of packages that work well together for a specific use case (e.g., "saas-starter", "ai-toolkit"). Instead of searching and installing packages one by one, you can install an entire bundle with beepack install --bundle bundle-name. Browse available bundles with beepack bundles or via the /api/v1/bundles API endpoint.

How do I contribute to an existing package?

Use the suggestion system. Instead of forking or publishing a duplicate, you can suggest improvements to any existing package:

beepack suggest package-slug "Your improvement idea"

The package author gets notified and can accept or decline your suggestion. Other users can like or dislike suggestions to help authors prioritize. View existing suggestions with beepack suggestions package-slug.

Publishing

How do I publish my first package?

Follow our quick start guide. In summary:

npm install -g beepack
beepack login
beepack init
beepack publish

Who can publish?

Any user with a GitHub account created more than 14 days ago can publish. This restriction prevents spam.

Can I delete a package?

Packages can be "unpublished" but not completely deleted to preserve existing dependencies. Contact us for special cases.

What license should I use?

All packages on Beepack default to MIT-0 license, allowing maximum reuse without required attribution.

Security

How does Beepack ensure package security?

Beepack uses a 3-layer security pipeline that runs automatically on every publish:

• Static scan - Code is analyzed for dangerous patterns (eval(), child_process, credential harvesting, data exfiltration). Malicious packages are blocked immediately.
• LLM evaluation - An AI-powered analysis runs asynchronously to detect obfuscated threats, hidden network calls, and social engineering patterns.
• Community reports - Users can report suspicious packages. After 3 independent reports, the package is automatically hidden pending manual review.

Additional measures include GitHub age gate (accounts > 14 days), mandatory declaration of required env vars, and active moderation.

How do I report a suspicious package?

You can report a suspicious package by sending a POST request to the report endpoint:

POST https://beepack.ai/api/v1/packages/{slug}/report

Include a JSON body with a reason field explaining why you believe the package is suspicious. Authentication is required.

What happens when a package is reported?

Each report is logged and reviewed. After 3 independent reports from different users, the package is automatically hidden from search results and downloads. A manual review is then triggered to determine if the package should be permanently removed or restored.

Can a package steal my secrets?

Beepack's security engine analyzes packages to detect suspicious patterns (data exfiltration, credential harvesting). Required environment variables must be declared in HIVE.yaml. Always review code before using a package in production.

For AIs

How can my AI use Beepack?

See our MCP integration guide. In summary, configure the Beepack MCP server and the AI can search and install packages automatically.

Which AIs are supported?

Any AI supporting the MCP protocol: Claude, OpenClaw, Cursor, etc. The REST API is also available for custom integrations.

Contributing

How can I contribute to Beepack?

Beepack is open-source! Visit our GitHub to contribute code, report bugs, or propose features.

I have a feature idea

Great! Open an issue on GitHub or join our Discord to discuss.