OpenClaw MCP Server

OpenClaw MCP Server is a secure Model Context Protocol (MCP) bridge that connects Claude.ai with a self-hosted OpenClaw assistant, enabling OAuth2 authentication and safe, controlled communication between the Claude AI ecosystem and your local or hosted OpenClaw deployment. This MCP server acts as an orchestration layer that exposes MCP tools to Claude.ai, manages authentication, and enforces security boundaries like CORS and transport options. It is designed to be deployed via Docker or run locally, with detailed installation, configuration, and security guidance provided in the documentation. By serving as a bridge, it enables Claude.ai to delegate tasks to your OpenClaw bot while preserving control over data flow and access controls, in line with MCP specifications and best security practices.

The MCP server enables Claude.ai to securely interact with a self-hosted OpenClaw assistant. It exposes a set of tools that Claude can invoke, including synchronous chat and status checks, as well as asynchronous long-running tasks for more complex operations. It supports OAuth2 authentication, CORS configuration, and transport options (such as SSE) to fit your deployment scenario. Example usage includes running the server with Docker Compose, starting a local development instance, or running remotely behind a reverse proxy with proper issuer URL configuration to ensure OAuth metadata is advertised correctly. The server also supports adding more tools over time and provides integration guides for Claude Desktop and Claude.ai configurations.

Key starting points from the docs include:

Code examples from the documentation:

Docker (Recommended) snippet for docker-compose:

services:
  mcp-bridge:
    image: ghcr.io/freema/openclaw-mcp:latest
    container_name: openclaw-mcp
    restart: unless-stopped
    ports:
"3000:3000"

    environment:
OPENCLAW_URL=http://host.docker.internal:18789

OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}

AUTH_ENABLED=true

MCP_CLIENT_ID=openclaw

MCP_CLIENT_SECRET=${MCP_CLIENT_SECRET}

MCP_ISSUER_URL=${MCP_ISSUER_URL:-}

CORS_ORIGINS=https://claude.ai

    extra_hosts:
"host.docker.internal:host-gateway"

    read_only: true
    security_opt:
no-new-privileges

Generate secrets and start:

export MCP_CLIENT_SECRET=$(openssl rand -hex 32)
export OPENCLAW_GATEWAY_TOKEN=your-gateway-token
docker compose up -d

Then in Claude.ai add a custom MCP connector pointing to your server with MCP_CLIENT_ID=openclaw and your MCP_CLIENT_SECRET.

Tip: Pin a specific version instead of latest for production: ghcr.io/freema/openclaw-mcp:1.1.0.

Local (Claude Desktop) usage:

npx openclaw-mcp

Claude Desktop config example:

{
  "mcpServers": {
    "openclaw": {
      "command": "npx",
      "args": ["openclaw-mcp"],
      "env": {
        "OPENCLAW_URL": "http://127.0.0.1:18789",
        "OPENCLAW_GATEWAY_TOKEN": "your-gateway-token",
        "OPENCLAW_TIMEOUT_MS": "300000"
      }
    }
  }
}

Remote (Claude.ai) without Docker:

AUTH_ENABLED=true MCP_CLIENT_ID=openclaw MCP_CLIENT_SECRET=your-secret \
  MCP_ISSUER_URL=https://mcp.your-domain.com \
  CORS_ORIGINS=https://claude.ai OPENCLAW_GATEWAY_TOKEN=your-gateway-token \
  npx openclaw-mcp --transport sse --port 3000

> Important: When running behind a reverse proxy (Caddy, nginx, etc.), you must set MCP_ISSUER_URL (or --issuer-url) to your public HTTPS URL. Without this, OAuth metadata will advertise http://localhost:3000 and clients will fail to authenticate.