ClawLink is designed so that provider credentials stay off your machine and out of your codebase. Hosted connection flows and tool execution happen in ClawLink’s infrastructure. OpenClaw keeps only the local ClawLink device credential it needs to authenticate to your account.
Credential storage
Provider API keys and OAuth tokens are encrypted at rest using AES-256-GCM. ClawLink never stores or exposes those provider credentials in plaintext. When your agent makes a tool call, the provider credential is decrypted only at the moment of execution.
Your machine stays clean
Because ClawLink proxies provider calls through its hosted infrastructure, you do not need to put third-party API keys in your .env files or source code for normal usage. Connect your apps once from the dashboard, and ClawLink handles the provider side.
OpenClaw authentication
The recommended setup is browser pairing. Pairing creates a local ClawLink credential in the format cllk_live_... and stores it in ~/.openclaw/openclaw.json for the OpenClaw plugin.
This local credential authenticates OpenClaw to ClawLink. It is not a provider credential like your Google or Stripe token.
API key best practices
- Prefer browser pairing over manual key entry
- Use manually created keys only for advanced fallback setups or debugging
- Use one key per device or workflow when you must create keys manually
- Revoke old keys you no longer need instead of reusing them indefinitely
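A local audit that supports these practices, as an added example that is not part of ClawLink's documentation or code: it searches a project tree for strings carrying the cllk_live_ prefix and checks whether the pairing file is accessible to other local users. The token body pattern, the skipped directory names and the function names are assumptions; the page documents only the prefix and the file path, and does not say what permissions the plugin sets.

```python
import os
import re
import stat
import sys
from pathlib import Path

# Assumption: only the "cllk_live_" prefix is documented; the body alphabet
# and minimum length here are guesses chosen to limit false positives.
TOKEN_RE = re.compile(r"cllk_live_[A-Za-z0-9_\-]{8,}")
SKIP_DIRS = {".git", "node_modules", ".venv"}  # assumed noise directories


def redact(token):
    """Keep the prefix and last 4 characters so the report does not re-leak the key."""
    return "cllk_live_..." + token[-4:]


def scan_tree(root):
    """Return (path, line_no, redacted_token) for each credential-shaped string under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = Path(dirpath) / name
            try:
                text = path.read_text(encoding="utf-8", errors="ignore")
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            for line_no, line in enumerate(text.splitlines(), 1):
                for match in TOKEN_RE.finditer(line):
                    findings.append((str(path), line_no, redact(match.group())))
    return findings


def config_too_open(path):
    """True if the file grants any permission bit to group or other (POSIX modes)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, line_no, token in scan_tree(root):
        print(f"{path}:{line_no}: ClawLink credential {token}")
    cfg = Path.home() / ".openclaw" / "openclaw.json"
    if cfg.exists() and config_too_open(cfg):
        print(f"{cfg}: accessible to group/other; restrict to the owner (chmod 600)")
```

Treat any hit outside ~/.openclaw/openclaw.json as an exposed key and revoke it from the dashboard.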
If your API key is compromised
If you suspect a ClawLink credential has been exposed or misused, act immediately:
Go to Settings > API Keys
Open the ClawLink dashboard and navigate to Settings > API Keys.
Revoking a key invalidates it immediately. Any OpenClaw client still using that key will stop working until you pair again or update the manual settings field.
