OpenClaw.
OpenClaw is an open-source, local-first AI agent framework. A Gateway routes messages through an Agent Runtime that executes a ReAct (Reason + Act) loop against any LLM you point it at — Claude, GPT, Gemini, or a local model via Ollama. Agents have persistent memory (markdown + SQLite) and run on your own hardware.
Two ways to connect Agent Cert. Pick the one that fits your setup.
Option A — MCP (recommended)
OpenClaw ships with native MCP client support — both stdio and HTTP/SSE transports. Point it at our SSE endpoint and all six tools auto-discover.
Edit your openclaw.json (or the equivalent config in your OpenClaw install) and add the Agent Cert server:
{
"mcpServers": {
"agent-cert": {
"type": "sse",
"url": "https://api.agentcert.net/mcp/sse",
"headers": {
"X-API-Key": "ak_live_..."
}
}
}
}After restarting the OpenClaw Gateway, agents in your instance can call any of these tools without extra wiring:
certify_decision— submit an execution and get a signed, anchored receiptget_receipt— fetch a single receiptverify_receipt— re-verify a receipt's signature and hashescheck_credits— balance checklist_my_receipts— recent receipts for this accountget_anchor_proof— on-chain anchor proof
Get your API key at /welcome. See the full MCP reference at /docs/mcp.
Option B — OpenClaw Skill (no MCP)
If you'd rather wrap Agent Cert as a first-class OpenClaw Skill — for portability, for sharing across your team, or to compose with other Skills — drop a SKILL.md into your OpenClaw skills directory.
1. Create the Skill file
---
name: agent-cert
display_name: Agent Cert — Decision Receipts
version: 1.0.0
description: |
Certify AI decisions with Agent Cert. Submits an execution to the
REST API, returns a signed, blockchain-anchored Decision Receipt
with a public verify URL.
requirements:
env:
- AGENT_CERT_API_BASE
- AGENT_CERT_API_KEY
---
# Agent Cert Skill
Use this skill when the agent makes a meaningful decision that the user,
their customer, or an auditor will want to verify later. Examples:
invoice approvals, content moderation calls, support escalations,
compliance routing.
## When to invoke
After producing the final decision / answer, call `certify` with:
- **agent_id** — stable identifier for this agent (e.g. `openclaw_invoice_bot`)
- **user_intent** — the user's original request
- **agent_output** — what the agent decided / produced
- **tools_used** — names of any tools/skills invoked during this run
- **retrieval_summary** — short plain-text summary of context retrieved (optional)
## Action: certify
```bash
curl -X POST "$AGENT_CERT_API_BASE/v1/receipts" \
-H "X-API-Key: $AGENT_CERT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "{{agent_id}}",
"platform": "openclaw",
"user_intent": "{{user_intent}}",
"agent_output": "{{agent_output}}",
"tools_used": {{tools_used}},
"retrieval_summary": "{{retrieval_summary}}"
}'
```
Returns a JSON Decision Receipt with `receipt_id`, `trust_score`,
`risk_level`, `signature`, and `verify_url`.
## What to return to the user
Append the `verify_url` to the final response so the user can
independently verify the decision. Pattern:
> {your answer}
>
> Verify: {verify_url}
## On low credits
If the API returns HTTP 402, surface a clear message: "Agent Cert
credits exhausted — top up at https://agentcert.net/credits".
2. Set environment variables
export AGENT_CERT_API_BASE="https://api.agentcert.net"
export AGENT_CERT_API_KEY="ak_live_..."3. Activate the skill
Drop the file at ~/.openclaw/skills/agent-cert/SKILL.md (or wherever your OpenClaw install reads skills from). Restart the Gateway and the skill becomes discoverable to all agents in the instance.
Choosing between MCP and Skill
| MCP path | Skill path | |
|---|---|---|
| Setup | 3 lines in openclaw.json | One SKILL.md file |
| Tool discovery | Automatic — agent sees all 6 tools | Manual — you describe each action in markdown |
| Updates | Pulled from the server every reconnect | Pinned to whatever you committed to the SKILL.md |
| Portability | Anywhere MCP works | OpenClaw-specific, but easily copied between instances |
| Best for | Most teams; production deployments | Air-gapped environments; teams that prefer markdown contracts |
Recommended: MCP. Less to maintain, less to drift out of date when we add new tools.
Local-first considerations
OpenClaw deployments often run entirely on local hardware (Mac Mini, homelab, on-prem) and deliberately avoid third-party API calls. Agent Cert is a third-party API by design — the whole point is independent certification — so plan for outbound HTTPS access from your OpenClaw host to api.agentcert.net (port 443).
If you have strict egress policies, allowlist:
api.agentcert.net(REST + MCP endpoints)agentcert.net(verify URLs that get embedded in receipts)
Costs
- Each
certify_decisioncall: 3 Agent Cert credits. - OpenClaw itself: no Agent Cert cost — the integration is just an outbound HTTPS call (or MCP message) per certification.
See also
- MCP Server reference — full tool list with parameters
- REST API reference — for the Skill path
- Bind a policy — so you don't need to pass
policy_ruleson every call - openclaw.ai — OpenClaw project home