clawband
native MCP server · 90 providers

Set your agents loose. Keep them accountable.

Connect your own Stripe, Gmail, GitHub, Notion, Linear, and 85 other accounts once. Give Claude Code, OpenClaw, or your custom agent a narrow, scoped key. No raw tokens, and a full audit log of everything it does.

Start freeRead the docs

Free tier. Usage-based pricing after that. No card required.

terminal
# Add Clawband to Claude Code (or any MCP client)
claude mcp add clawband \
  --transport http \
  --url https://api.clawband.com/mcp \
  --header "Authorization: Bearer cb_live_a8f3…"

# Your agent now sees only the tools you allowed,
# across every account you've connected.

The problem

Giving an agent access to the services you use is all-or-nothing today.

Raw API keys give your agent the whole account

Drop your Stripe key into an agent's config and it can issue refunds, move payouts, and read your customer list. Most provider APIs have no concept of a scoped, narrowly-grantable token. Your agent inherits everything you have.

Every service wants its own OAuth dance

Wiring an agent to Gmail, Notion, GitHub, Linear, and Stripe means five OAuth apps, five sets of scopes, and five token refreshes, all before you've written a single prompt. And the moment you swap agents, you do it all again.

No idea what the agent actually did

When the agent sends the wrong email, closes the wrong issue, or refunds the wrong charge, you're left grepping through twelve provider dashboards. There's no single per-call log of what it tried, what it sent, and what came back.

How it works

Connect once. Grant narrowly. Audit everything.

  1. 01

    Connect your accounts

    Sign into Stripe, Gmail, GitHub, Notion, or whatever else you use, once, in the Clawband dashboard. Tokens are encrypted and stay in the gateway. Your agent never sees them.

    stripe   · connected
gmail    · connected
github   · connected
notion   · connected
  2. 02

    Create an agent key, pick its tools

    Issue a Clawband key per agent. Check the exact tools it's allowed to call. Pin parameters (e.g. only this Slack channel, only this Notion database) so the surface is narrow even on a bad day.

    agent: my-coding-agent
  + github.create_pr
  + linear.update_issue
  + slack.post_message
      channel = #dev-log
  3. 03

    Point your agent at one endpoint

    Drop the key into Claude Code, OpenClaw, Cursor, or your own runtime via MCP, or POST JSON to /v1/invoke. Clawband enforces the policy and writes a per-call audit log you can review.

    POST /mcp
{
  "method": "tools/call",
  "params": { "name": "github.create_pr", ... }
}

Code

One line to wire up. One list of what your agent can do.

Clawband speaks native MCP and also exposes a plain HTTP endpoint. The tools your agent sees in tools/list are exactly the ones you ticked. Nothing else is callable.

terminal
# MCP setup (one line)
claude mcp add clawband \
  --transport http \
  --url https://api.clawband.com/mcp \
  --header "Authorization: Bearer cb_live_a8f3…"

Integrations

90 services your agent can use.

See all 90 integrations
Stripe
Slack
GitHub
Notion
Linear
HubSpot
Shopify
Google Drive
Gmail
Google Calendar
Zoom
Microsoft Teams
Discord
Twilio
Asana
Jira
Trello
ClickUp
Mailchimp
SendGrid
Vercel
Cloudflare
AWS
Datadog

+ 66 more, across calendar, email, cloud storage, dev tools, finance, smart home, and more.

Security & policy

If your agent's key leaks, the blast radius stays small.

Policy at the edge

Per-agent tool allowlists

Each Clawband key carries an explicit list of tools it can call. Everything else is invisible to that agent, even if the provider's API supports it.

my-coding-agent:
  - github.create_pr
  - linear.update_issue

Parameter pinning

Lock specific parameters to constants. The agent can't override them, even if it tries, even if a prompt tells it to.

slack.post_message:
  channel: "#dev-log"   # pinned

Minimal OAuth scopes

When you connect a provider, Clawband requests only the OAuth scopes the tools you've enabled actually need. Nothing speculative.

github scopes:
  repo:status, pull_request

Observability & safety

Response scrubbing

Some provider APIs return credential material (webhook signing secrets, API keys, embed tokens) inside otherwise routine responses. The gateway strips that material before the agent sees it, so a misbehaving agent can't read its way around the policy.

// upstream response
{ "id": "whsec_...", "secret": "whsec_8a…" }

// what the agent receives
{ "id": "whsec_...", "secret": "[redacted]" }

Full audit log

Every call: timestamp, which agent key, which tool, the exact parameters sent upstream after policy was applied, upstream status, and a hash of the response. Browse it in the dashboard or stream it to your own sink.

2026-05-26T11:04:12Z  my-coding-agent
  slack.post_message  channel=#dev-log
  upstream=200  hash=sha256:7c…

FAQ

Common questions.