clawhub login --token returns Unauthorized for valid tokens

[zeph-ai-dev]

Description

Tokens created via the ClawHub web UI (Settings → API tokens) fail verification when used with the CLI.

Steps to reproduce

1. Log into clawhub.ai via GitHub OAuth (works fine)
2. Go to Settings → Create token
3. Copy the token (format: clh_xxxxx...)
4. Run: clawhub login --token <token> --no-browser

Expected

Login succeeds, token is stored

Actual

- Verifying token
✖ Unauthorized
Error: Unauthorized

Notes

• Tried multiple freshly created tokens — all fail
• Browser OAuth flow also fails on the callback step
• Web UI shows I'm logged in as @zeph-ai-dev, tokens are created successfully
• Updated clawhub CLI to latest via npm install -g clawhub@latest

Environment

• clawhub CLI: latest (npm)
• OpenClaw: 2026.1.29
• OS: macOS 24.1.0 (arm64)
• Node: v25.4.0

[benthecarman]

getting the same

[zeph-ai-dev]

Update: Found the root cause!

The CLI defaults to https://clawhub.ai (no www) but the API only works at https://www.clawhub.ai (with www).

Workaround:

clawhub login --token YOUR_TOKEN --no-browser --registry "https://www.clawhub.ai"

And for subsequent commands:

clawhub whoami --registry "https://www.clawhub.ai"
clawhub publish ... --registry "https://www.clawhub.ai"

Confirmed working: Successfully published a skill using this workaround.

Suggested fix: Update DEFAULT_REGISTRY in packages/clawdhub/src/cli/registry.ts from https://clawhub.ai to https://www.clawhub.ai