OpenClaw MCP: Model Context Protocol servers, tools, and integrations
How to add MCP servers to OpenClaw, configure per-agent scoping, and use bundled MCP tools. Covers stdio, HTTP, OAuth-backed servers, and common errors.
MCP — Model Context Protocol — is how OpenClaw connects to external tool servers. Instead of bundling every integration, OpenClaw discovers tools at runtime from any MCP server you configure: a Chrome DevTools session, a SQLite database, a Notion workspace, your own internal API.
If you've installed a skill, you've used MCP indirectly. This page is for when you want to add your own MCP servers, scope them per-agent, or debug why their tools aren't showing up.
When to use MCP vs a skill
| Use a skill | Use an MCP server |
|---|---|
| You want a one-line install from ClawHub | You have a custom tool no skill exists for |
| The integration is stable and shared | The tool runs in a separate process you control |
| You're a beginner | You're comfortable editing config files |
| You want OAuth handled for you | You need a long-running stateful server (e.g. a browser session) |
In practice most users start with skills, then graduate to MCP when they need something specific.
Adding an MCP server
Edit ~/.openclaw/openclaw.json and add an mcp.servers entry. Two forms:
Stdio (subprocess) servers
```json
{
  "mcp": {
    "servers": {
      "sqlite": {
        "command": "npx",
        "args": ["-y", "@modelcontextprotocol/server-sqlite", "/path/to/db.sqlite"]
      }
    }
  }
}
```
OpenClaw launches the command on demand and speaks MCP over its stdin/stdout. Best for local-only tools.
HTTP / SSE servers
```json
{
  "mcp": {
    "servers": {
      "internal-api": {
        "url": "https://mcp.internal.example.com/sse",
        "headers": {
          "Authorization": "Bearer ${INTERNAL_API_TOKEN}"
        }
      }
    }
  }
}
```
`${INTERNAL_API_TOKEN}` resolves through OpenClaw's SecretRef system at runtime — the raw template never reaches the wire.
Restart the Gateway after editing config:
```bash
openclaw gateway restart
```
Then verify:
```bash
openclaw mcp list                 # Shows configured MCP servers
openclaw tools list --detailed    # Shows every tool the agent can now call
```
Per-agent scoping
You typically don't want every agent to see every MCP server. A coding agent might need Chrome DevTools; a briefing agent shouldn't.
The current options (v2026.5.19):
```json
{
  "tools": {
    "deny": ["browser_*", "sqlite_*"]
  }
}
```
`tools.deny` works against MCP-surfaced tools, so you can block whole servers by tool-name prefix. Per-agent MCP server allowlists (`agents.[name].mcp`) are tracked as an open feature — for now use deny lists per-agent.
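A check for the deny list above, as an added example that is not OpenClaw code. It assumes deny patterns are case-sensitive shell-style globs, and the tool inventory is constructed; it reports servers that a prefix pattern blocks only partly and patterns that match nothing.

```python
from fnmatch import fnmatchcase

# Constructed inventory: tool names grouped by source server, standing in for
# what `openclaw tools list --detailed` reports. All names are hypothetical.
SAMPLE_TOOLS = {
    "chrome-devtools": ["browser_navigate", "browser_click", "devtools_evaluate"],
    "sqlite": ["sqlite_query", "sqlite_list_tables"],
    "notion": ["notion_search"],
}
SAMPLE_DENY = ["browser_*", "sqlite_*", "sqllite_*"]  # last entry is a deliberate typo


def is_denied(tool, deny):
    # Assumption: deny patterns are case-sensitive shell-style globs.
    return any(fnmatchcase(tool, pattern) for pattern in deny)


def deny_coverage(tools_by_server, deny):
    """Return (per-server report, deny patterns that match no known tool)."""
    report = {}
    for server, tools in tools_by_server.items():
        still_callable = [t for t in tools if not is_denied(t, deny)]
        if not still_callable:
            status = "blocked"
        elif len(still_callable) == len(tools):
            status = "exposed"
        else:
            status = "partial"  # the prefix covers only some of the server's tools
        report[server] = {"status": status, "still_callable": still_callable}
    all_tools = [t for tools in tools_by_server.values() for t in tools]
    dead = [p for p in deny if not any(fnmatchcase(t, p) for t in all_tools)]
    return report, dead


if __name__ == "__main__":
    report, dead = deny_coverage(SAMPLE_TOOLS, SAMPLE_DENY)
    for server, entry in report.items():
        print(server, entry["status"], entry["still_callable"])
    print("patterns matching nothing:", dead)
```

A `partial` server is the case to look at first: the agent can still call the listed tools even though the server looks blocked in the config.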
OAuth-backed MCP servers
Some MCP servers (Notion, Linear, GitHub-as-MCP) require OAuth rather than a static bearer token. OpenClaw's bundle-mcp supports static bearer headers today. OAuth 2.1 client_credentials for remote MCP servers is tracked as an open feature request — for now, mint a long-lived token outside OpenClaw and use the static header form above.
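An added example, not part of OpenClaw: a lint pass over the `mcp.servers` forms shown earlier that flags an `Authorization` header holding a literal token instead of a `${VAR}` reference, a non-HTTPS `url`, and an `npx` package with no pinned version. The `legacy` entry, its token and the finding names are constructed for the example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed config in the mcp.servers shape shown above. The "legacy" entry
# and its token are made up to trigger the checks; nothing here is a real host.
SAMPLE_CONFIG = """
{"mcp": {"servers": {
  "sqlite": {"command": "npx",
             "args": ["-y", "@modelcontextprotocol/server-sqlite", "/path/to/db.sqlite"]},
  "internal-api": {"url": "https://mcp.internal.example.com/sse",
                   "headers": {"Authorization": "Bearer ${INTERNAL_API_TOKEN}"}},
  "legacy": {"url": "http://mcp.legacy.example.com/sse",
             "headers": {"Authorization": "Bearer CONSTRUCTED-LITERAL-TOKEN"}}
}}}
"""

SECRET_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")


def npx_package_pinned(args):
    """True if the first non-flag npx argument carries an explicit numeric version."""
    pkgs = [a for a in args if not a.startswith(("-", "/", "."))]
    if not pkgs:
        return True  # nothing to fetch from the registry
    version = pkgs[0][1:].partition("@")[2]  # [1:] skips the "@" of a scoped name
    return bool(version) and version[0].isdigit()


def audit_mcp_servers(config):
    """Return (server, finding) pairs for risky mcp.servers entries."""
    findings = []
    for name, srv in config.get("mcp", {}).get("servers", {}).items():
        url = srv.get("url")
        if url and urlparse(url).scheme != "https":
            findings.append((name, "plaintext-transport"))
        for header, value in srv.get("headers", {}).items():
            # A credential header should carry a ${VAR} reference, not the secret itself.
            if header.lower() == "authorization" and not SECRET_REF.search(value):
                findings.append((name, "literal-credential"))
        if srv.get("command") == "npx" and not npx_package_pinned(srv.get("args", [])):
            findings.append((name, "unpinned-npx-package"))
    return findings


def audit_text(text):
    return audit_mcp_servers(json.loads(text))
```

The unpinned check matters for stdio servers because `npx -y` installs whatever version the registry currently serves without prompting, and that code runs as a subprocess of the Gateway.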
Common errors
| Error | Cause | Fix |
|---|---|---|
| Tool doesn't appear in tools list | MCP server failed to start | `openclaw logs --filter mcp` to see the launch error |
| unresolved SecretRef on model providers | `request.headers` SecretRef fails in embedded agent context | Switch to env var literal until the v2026.5.19 fix lands in your stable channel |
| MCP tools missing in subagent sessions | Tracked subagent MCP injection bug | Call from parent agent and pass result via prompt |
| `tools.deny` not enforced for claude-cli backend MCP | claude-cli backend doesn't see deny list | Switch to default backend or remove the MCP server entry |
| Sidecar memory growth (Codex Chrome DevTools) | Chrome DevTools MCP sidecars accumulate on long-running gateways | Restart Gateway daily; tracked bug as of v2026.5.18 |
For any other MCP failure, openclaw logs --filter mcp --tail 100 shows the full handshake — server launch, capability negotiation, tool list. If you see "tools/list error" the server is responding but malformed; if you see "spawn ENOENT" the command can't be found in PATH.
Browsing MCP servers
There's no single canonical registry yet. The MCP community maintains lists at github.com/modelcontextprotocol/servers — official reference servers (SQLite, filesystem, Git, GitHub, GitLab, Postgres, Puppeteer, etc.) and a community-maintained index.
For OpenClaw-specific bundled MCP integrations, run:
```bash
openclaw mcp list    # Currently only shows mcp.servers entries
```
Note: `openclaw mcp list` only shows servers defined in your config under `mcp.servers` — it doesn't surface mcporter or skill-provided MCP servers. This is tracked as a UX issue.
FAQ
- What is MCP in OpenClaw?
- MCP (Model Context Protocol) is an open standard that lets your agent call tools running in external processes — anything from Chrome DevTools to a database query server. OpenClaw discovers MCP servers from your config and exposes their tools to the agent automatically. See the official MCP spec for the protocol details.
- How do I add an MCP server to OpenClaw?
- Add an entry under `mcp.servers` in `~/.openclaw/openclaw.json` with a `command` (for stdio servers) or `url` (for HTTP/SSE servers). Run `openclaw mcp list` to confirm OpenClaw picked it up, then `openclaw tools list` to see the new tools surfaced to the agent.
- How do I limit which MCP tools an agent can use?
- Use `tools.deny` in your agent config or set a per-agent allowlist under `agents.[name].mcp`. As of v2026.5.19 per-agent MCP scoping is an open feature request — for now, deny lists are the most reliable way to keep production MCP servers out of sandboxed agents.
- Why don't my MCP tools show up in subagent sessions?
- Subagents (spawned via `sessions_spawn`) currently don't inherit MCP tool injection — this is a tracked bug as of v2026.5.19. Workaround: have the parent agent call the MCP tool and pass the result to the subagent via prompt, or call the MCP server directly from the subagent's system prompt instructions.
- How do I see what MCP tools my agent has?
- Run `openclaw mcp list` to see configured MCP servers, then `openclaw tools list --detailed` to see every tool the active agent can call (built-in + skill-provided + MCP-surfaced). Tools are grouped by source so you can tell at a glance whether a missing capability is a disabled built-in or an unmounted MCP server.