Integration Guide

clavitor + OpenClaw

Your OpenClaw agent manages credentials, rotates API keys, and completes 2FA — all from a single MCP tool call. Personal data stays sealed behind your biometric.

What your agent sees

Shared fields

Your agent reads these to authenticate, deploy, and automate.

  • API keys (GitHub, AWS, Stripe, OpenAI…)
  • SSH host credentials
  • Database connection strings
  • TOTP seeds — live 2FA codes on demand
  • Service account passwords
What your agent never sees

Personal fields

Encrypted client-side with your biometric. The server stores ciphertext. No key, no access.

  • Credit card numbers & CVV
  • Passport & government IDs
  • Recovery codes & seed phrases
  • Social security numbers
  • Bank account details

Connect in 60 seconds

1. Install the ClawHub skill

claw install clavitor

2. Configure your token

Create a token in the clavitor web UI, then set it in your OpenClaw config:

claw config set clavitor.url "http://localhost:1984/mcp"
claw config set clavitor.token "clavitor_your_token_here"

3. Use it in your skills

# In any OpenClaw skill:
result = clavitor.get_credential("github")
totp   = clavitor.get_totp("aws")
keys   = clavitor.search_vault("ssh")

Using hosted clavitor?

Your MCP URL includes your unique vault identifier. You can find the exact URL in your Account Information page after signing up.

It looks like: https://clavitor.com/your_vault_id/mcp

You don’t have to do anything

Once connected, your OpenClaw agent handles credentials automatically. It looks up what it needs, generates 2FA codes, and authenticates — you just describe what you want done.

“Deploy to production”

Your agent looks up server credentials, SSH key, and any required API tokens — then does the deployment.

get_credential("aws-production")
get_totp("aws")  →  283941 (expires in 22s)

“Log in to GitHub and check the CI”

Your agent finds the credential, generates a live TOTP code, and completes the 2FA flow. No phone needed.

get_credential("github")
get_totp("github")  →  847203 (expires in 14s)

“Find my database credentials”

Full-text search across all entries — titles, URLs, usernames, notes.

search_vault("postgres")

“What’s expiring soon?”

Check for credentials, cards, or documents expiring within any timeframe.

check_expiring(30)

“Show me everything”

List all entries the agent has access to. Useful for inventory or onboarding.

list_credentials()

“Save this API key”

Your agent stores new credentials, notes, and configuration directly in your vault. Sign up for a service, generate an API key — it saves it immediately.

“Remember this for later”

License keys, server configs, migration plans, recovery instructions — anything your agent needs to remember goes straight into your vault, encrypted and searchable.

Multi-agent swarm support

Running a swarm of OpenClaw agents? Each gets its own API key.

Deploy agent

Its own API key for SSH keys, server creds, and API tokens

Billing agent

Its own API key for Stripe, payment gateways, and invoicing

Dev agent

Its own API key for GitHub, CI/CD, and database credentials

Every access is logged

The audit log records which agent accessed which credential, when, and from where.

TIME                 ACTION  ENTRY               ACTOR
2026-03-08 10:23:14  read    github.com          mcp:claw-deploy
2026-03-08 10:23:15  totp    github.com          mcp:claw-deploy
2026-03-08 11:45:02  read    aws-production      mcp:claw-billing
2026-03-08 14:12:33  search  "database"          mcp:claw-dev

Get started

Self-host (free) Hosted ($12/yr)