OpenClaw Setup

shield-check

This guide sets up Civic as an MCP gateway for OpenClaw, giving you controlled access to cloud services with server-side token management and instant revocation.

Why This Approach

• No browser automation for OAuth — OAuth flows happen through Civic off-host, no credential exposure on your machine
• Server-side token management — OAuth tokens stored in Civic, never exposed to OpenClaw; all API calls proxied through MCP gateway
• Lower token usage — More efficient than browser automation, reducing AI processing costs
• Explicit MCP server authorization — You control which cloud services (Gmail, Calendar, etc.) OpenClaw can access via Civic
• OAuth scope enforcement — Least-privilege by default (e.g., read-only); OpenClaw must request elevation for write operations
• Instant revocation — Terminate API access immediately without reconfiguring OpenClaw (revoke authorization or delete toolkit)
• Centralized MCP gateway — Manage all cloud service access from Civic dashboard
• 30-day token expiration — Civic access tokens automatically expire, requiring periodic re-authorization

info

This approach secures OpenClaw's cloud API integrations via the MCP protocol. OpenClaw may have additional local capabilities outside Civic scope. See "What This Setup Secures" below for critical security information.

What This Setup Secures (and What It Doesn't)

✅ What Civic Controls

• OAuth token management — Tokens issued and stored server-side in Civic, never exposed to OpenClaw
• MCP server authorization — You authorize MCP servers (e.g., "Gmail", "Google Calendar") that OpenClaw can access
• OAuth scope enforcement — Least-privilege OAuth scopes (e.g., read-only Gmail initially) enforced at protocol level
• API request/response logging — Complete audit trail of every tool call: tool name, parameters, response, and timestamp. Queryable via Civic Chat (aggregated summary, line-by-line detail, or CSV export up to 5,000 lines). Retained ~30 days.
• Guardrails at protocol layer — Block requests that violate configured rules (e.g., block write operations, size limits)
• Instant token revocation — Terminate cloud API access immediately by revoking authorizations or deleting toolkit

❌ What Civic Does NOT Control

• Local file system access — OpenClaw can read/write files on the host machine without Civic visibility
• Terminal/shell commands — OpenClaw can execute system commands directly on the host
• Network scanning tools — Capabilities like nmap, port scanning happen outside MCP protocol
• Headless browser actions — Web automation that bypasses MCP gateway entirely
• OpenClaw's other Skills — Any non-MCP capabilities OpenClaw has installed
• Actions outside the MCP protocol — Civic guardrails operate at the tool level within the Hub, but OpenClaw's local capabilities (file system, terminal) are outside Civic's visibility
• Self-installation of MCP servers — Unless restricted to a specific toolkit, OpenClaw can add MCP servers without user approval

triangle-exclamation

🚨 CRITICAL SECURITY WARNING

NEVER log into Civic on the same machine where OpenClaw is running.

If you are logged into Civic on the OpenClaw host machine, OpenClaw could potentially open your browser and perform authentication on your behalf, granting itself unauthorized access.

Safe Setup:

• ✅ Configure and authorize Civic toolkit on a different machine
• ✅ Use OpenClaw on a separate machine that is NOT logged into Civic
• ✅ Authorize OpenClaw's requests via links sent to your email or accessed on another device

Your Security Responsibilities

When using OpenClaw with Civic, you must also:

• Restrict OpenClaw to a specific Civic toolkit — Prevents OpenClaw from self-installing MCP servers
• Review and configure OAuth scopes — Start with least-privilege (read-only) and approve elevation requests
• Set up guardrails — Configure parameter presets and constraints within each MCP server's settings
• Monitor token expiration — Civic tokens expire after 30 days; you'll need to re-authorize
• Disable unsafe OpenClaw Skills — Turn off terminal access, network tools, file system access if not needed
• Configure OS-level security — Set file permissions, firewall rules, sandboxing on OpenClaw host
• Monitor OpenClaw's local logs — Local activity is not visible to Civic

info

Civic secures the cloud API layer via MCP protocol. OpenClaw's local capabilities and the security of the host machine remain your responsibility. For production use with sensitive data, implement comprehensive system-level hardening.

Install the Civic Skill

For the best experience, install the official Civic skill from ClawHub:

clawhub install civictechuser/openclaw-civic-skill

Or visit the skill page directly and download the .zip file to give to your agent:

Civic Skill

Install the official Civic skill for OpenClaw

This skill teaches OpenClaw how to connect to Civic and use your configured MCP tools.

Quick Setup

The fastest way to get started is using our pre-configured OpenClaw toolkit prompt.

1. 1
   Open the setup prompt in Civic (on a DIFFERENT machine)

   triangle-exclamation

   Perform this step on a different machine than the one running OpenClaw.

   Visit the OpenClaw toolkit configuration:

   OpenClaw Quick Setup

   Launch the pre-configured OpenClaw toolkit in Civic

   This creates a toolkit with Gmail and Google Calendar in safety mode (read-only by default).

2. 2
   Authorize the services

   Follow the prompts to authorize Gmail and Calendar access. You'll be redirected to Google to grant permissions with least-privilege OAuth scopes.

3. 3
   Copy your MCP URL and token

   After setup, Civic provides:

   • MCP Gateway URL — safe to share (not secret)
   • Access Token — keep this private (expires after 30 days)

   Copy both values.

4. 4
   Configure OpenClaw (on the OpenClaw host machine)

   Add the credentials to your OpenClaw environment. Create or edit ~/.openclaw/workspace/.env:

   CIVIC_URL="https://app.civic.com/hub/mcp?accountId=YOUR_ACCOUNT_ID&profile=openclaw"
   CIVIC_TOKEN="your-access-token"

   Or configure via ~/.openclaw/openclaw.json:

   {
     "skills": {
       "entries": {
         "civic-mcp-bridge": {
           "enabled": true,
           "env": {
             "CIVIC_URL": "your-mcp-url",
             "CIVIC_TOKEN": "your-access-token"
           }
         }
       }
     }
   }

5. 5
   Verify the connection

   In OpenClaw, ask:

   List the MCP tools I have access to

   You should see Gmail and Calendar tools listed.

What's Included in Safety Mode

The quick setup configures these defaults with least-privilege OAuth scopes:

Service	Allowed	Blocked
Gmail	Read emails, search, create drafts	Send emails
Calendar	View events, check availability	Create, modify, delete events

Why safety mode?

Safety mode uses least-privilege OAuth scopes while you're getting familiar with the integration. When OpenClaw needs elevated permissions (e.g., to send an email), it will send you an authorization link. You can approve elevation requests as needed or enable full access by modifying the toolkit's OAuth scopes in Civic.

Manual Setup

If you prefer to configure everything yourself or want different permissions:

1. 1
   Create a Civic account (on a separate machine)

   triangle-exclamation

   Use a different machine than where OpenClaw runs.

   Go to app.civic.com and sign in.

2. 2
   Create a new toolkit

   1. Click Create Toolkit
   2. Name it (e.g., "openclaw" or "my-assistant")
   3. Switch to this toolkit for the following steps
3. 3
   Add MCP servers

   Add the MCP servers you want OpenClaw to access:

   • Gmail (gmail) — email access
   • Google Calendar (calendar) — calendar access
   • Google Drive (google-drive) — file access
   • PostgreSQL (postgresql) — database queries
   • See all 85 available servers

   info

   Civic authorizes OAuth connections at the MCP server level (e.g., "Gmail"). Use guardrails to control access at the individual tool level within each server.

4. 4
   Configure OAuth scopes

   For each MCP server, configure the OAuth scopes:

   • Start with least-privilege (read-only) scopes
   • When OpenClaw needs elevated permissions, it will request approval via a link
   • Approve elevation requests only when necessary and expected
5. 5
   Configure guardrails (optional)

   Set up guardrails within each MCP server's settings:

   • Use parameter presets to create hard limits the LLM cannot override
   • Example: Limit Slack MCP server to only write to a specific channel
   • Note: Guardrails apply per-MCP-server and cannot span across services
6. 6
   Generate your access token

   In your Civic profile settings, generate a private access token.

   lock

   Never share this token or paste it into chat. Store it securely. Token expires after 30 days.

7. 7
   Configure OpenClaw (on the OpenClaw host)

   Add credentials to ~/.openclaw/workspace/.env:

   CIVIC_URL="your-mcp-gateway-url"
   CIVIC_TOKEN="your-access-token"

Authorization Flow

When OpenClaw tries to use a service or needs elevated permissions:

1. 1
   OpenClaw requests access

   Ask OpenClaw something like:

   Check any meetings I have tomorrow

2. 2
   Civic validates the request

   Civic checks:

   • Is the MCP server authorized in this toolkit?
   • Does the OAuth scope allow this operation?
   • Do any guardrails block this request?
3. 3
   Approve if needed (on a different device)

   If authorization or elevation is needed, OpenClaw provides a link. Open it on a different device (not the OpenClaw host) and approve.

4. 4
   Confirm completion

   Return to OpenClaw and say:

   Done

   OpenClaw now has access to that service with the approved scope.

Managing Access

You stay in control at all times.

View active permissions

In Civic, go to Authorizations to see all active MCP server connections and their OAuth scopes.

Revoke access

Click Revoke on any authorization to immediately disable access. Revocation is instant — OpenClaw loses API access immediately.

Delete toolkit

For complete access termination, delete the entire toolkit. This revokes all authorizations at once.

Modify OAuth scopes

Edit your toolkit's OAuth scope settings to enable or disable specific operation types without revoking the entire connection.

Production Deployment & Security Considerations

triangle-exclamation

This guide covers development and testing setup only.

🚨 CRITICAL: Machine Separation Requirement

NEVER log into Civic on the same machine where OpenClaw is running.

If you are logged into Civic locally, OpenClaw could potentially open your browser and authenticate on your behalf, bypassing all security controls.

Required Setup for Production:

1. Civic configuration machine — Use a separate, secure machine to:
   • Create and configure your Civic toolkit
   • Authorize MCP servers and OAuth scopes
   • Set up guardrails and parameter presets
2. OpenClaw runtime machine — The machine running OpenClaw should:
   • NEVER have an active Civic login session
   • Only have the MCP gateway URL and access token (via .env file)
   • Be used to authorize OpenClaw requests via email links or on another device

Required Additional Steps for Production

1. Restrict OpenClaw to a Specific Toolkit

• Configure OpenClaw to use only your pre-authorized Civic toolkit
• This prevents OpenClaw from self-installing additional MCP servers without your approval
• Follow the setup instructions in this guide to bind OpenClaw to your toolkit

2. Configure Least-Privilege OAuth Scopes

• Start with read-only access for all services (Gmail read, Calendar read, etc.)
• When OpenClaw needs elevated permissions (e.g., send email, create event), it will send you an authorization link
• Approve elevation requests only when necessary and expected

3. Set Up MCP Server Guardrails

• Configure guardrails within each MCP server's settings in Civic
• Use parameter presets to create hard limits the LLM cannot override
• Example: Limit Slack MCP server to only write to a specific channel
• Note: Guardrails apply per-MCP-server and cannot span across services

4. Implement System-Level Security Controls

• Containerization/sandboxing (Docker, VM isolation) for OpenClaw host
• Network segmentation and firewall rules
• File system permissions limiting OpenClaw's access
• Disable unnecessary OpenClaw Skills (terminal, network tools, browser automation)

5. Configure Monitoring and Token Management

• Monitor Civic audit logs (API requests/responses retained ~30 days)
• Monitor OpenClaw's local logs (not visible to Civic)
• Set calendar reminders for 30-day Civic token expiration
• Configure alerts for unexpected authorization elevation requests

6. Follow Enterprise Security Best Practices

• Principle of least privilege for all system access
• Regular security reviews of authorized MCP servers and OAuth scopes
• Incident response plan for compromised agents (immediate toolkit deletion or authorization revocation)
• Never deploy with production customer data or PII without comprehensive hardening

Shared Security Responsibility

Civic provides:

• OAuth token management and storage
• MCP server authorization enforcement
• OAuth scope enforcement (least-privilege, elevation requests)
• API request/response logging at the MCP gateway
• Guardrails at the protocol layer (when configured)
• Immediate token revocation capability

You are responsible for:

• Selecting and configuring AI agent software (OpenClaw)
• Securing the OpenClaw runtime environment (host machine)
• Never logging into Civic on the OpenClaw host machine
• Restricting OpenClaw to a specific Civic toolkit
• Disabling unsafe OpenClaw Skills and local capabilities
• Configuring guardrails and parameter presets in Civic
• Monitoring both Civic logs AND OpenClaw local logs
• Managing token expiration and re-authorization (every 30 days)
• Compliance with third-party service terms of service
• Reviewing and agreeing to the Civic Customer Product Specific Terms

Incident Response

If you suspect OpenClaw is compromised or acting erratically:

1. Immediately revoke access — Go to Civic → Authorizations → Delete toolkit or revoke individual service authorizations
2. Revocation is instant — OpenClaw will lose API access immediately
3. Investigate locally — Check OpenClaw's local logs and host machine for unauthorized actions
4. Re-authorize carefully — When creating new toolkit, review all settings and start with minimal permissions

Limitations:

• Civic cannot detect if OpenClaw has been compromised
• Civic cannot emergency-stop an OpenClaw session (use toolkit deletion or authorization revocation)
• Civic cannot detect if OpenClaw has direct OAuth grants outside Civic

info

For production deployments with customer data or PII: This setup provides cloud API security via MCP protocol, but you must implement comprehensive system-level hardening, monitoring, and access controls. Consult with your security team before deploying AI agents in production environments.

Result

✅ What You've Achieved:

• OpenClaw accesses authorized cloud services via Civic-managed OAuth tokens at the MCP protocol layer
• MCP server permissions are explicit, logged, and revocable in real-time
• OAuth tokens remain in Civic server-side and are never exposed to OpenClaw
• Least-privilege OAuth scopes enforced by default; elevation requires your approval
• All cloud API requests/responses are logged in Civic (retained ~30 days)
• Access managed via app.civic.com from a separate machine (never log into Civic on OpenClaw host)

Example Workflow:

1. OpenClaw requests calendar data via MCP gateway
2. Civic validates MCP server authorization and OAuth scope
3. If not authorized, Civic sends you an approval link (access on different device/email)
4. You approve, and calendar events are returned to OpenClaw
5. All activity is logged in Civic audit trail
6. Access persists for 30 days (token expiration), then requires re-authorization
7. You can instantly revoke access anytime by deleting toolkit or revoking authorization

triangle-exclamation

Critical Reminder: This secures OpenClaw's cloud API access via MCP protocol. OpenClaw's local capabilities (file system, terminal, network tools, other Skills) remain outside Civic control and are your responsibility to secure. Never log into Civic on the machine running OpenClaw.

Troubleshooting

'CIVIC_TOKEN environment variable is required'

Make sure you've added the token to your .env file:

export CIVIC_TOKEN="your-token-here"

Then restart OpenClaw.

'Authorization required' error

Some MCP servers need OAuth authorization on first use. Click the authorization URL provided (on a different device) and complete the flow, then tell OpenClaw "Done".

'Elevation required' for write operations

If you configured least-privilege (read-only) scopes, write operations require elevation. Approve the elevation request via the link provided, or modify OAuth scopes in your Civic toolkit.

Token expired

Tokens last 30 days. Generate a fresh token from your Civic profile settings if you see authentication errors. Set a calendar reminder to re-authorize before expiration.

Connection timeout

API calls through Civic can take 10-15 seconds due to server-side processing. This is normal.

Resources

Available MCP Servers

Browse all 85 integrations

Toolkits

Learn how toolkits organize your tools

Guardrails

Configure protocol-layer security controls

Security

How Civic keeps your data safe

OAuth & Scopes

Understanding OAuth scope enforcement

Product Terms

Civic Customer Product Specific Terms

Get Help

Ask questions in our developer Slack