MCP Integration
Plug in.
Request.
Human approves.
Carapace's MCP server gives your agent real financial capabilities — ACH, wire, crypto — with the owner reviewing and approving every action. No agent can ever approve its own request.
OpenClaw native
Claude
Any MCP client
OpenClaw native
First-class skill. Three primitives.
Zero boilerplate.
Carapace is a native OpenClaw skill — the integration goes deeper than MCP tooling. Find it on ClaWHub, install, restart. Done.
Heartbeat
Add one block to
HEARTBEAT.md. OpenClaw polls approvals_inbox
automatically — pending requests surface proactively, even between conversations.
Approved requests execute automatically on the next tick.
Notification routing
When a write tool returns
pending_approval, call the message
tool. OpenClaw routes it to Telegram, Slack, Discord, or WhatsApp — whichever the
owner configured. No Carapace notification setup needed.
Approval card
Your agent renders a structured approval card inline — amount, destination, note,
and approve/deny links. On platforms with native buttons (Telegram inline keyboard,
Discord components), use URL buttons pointing to
approve_url.
Quick start
1
Install the CLI & pair
One command. Carapace uses device-flow pairing — no manual key copying.
Your agent generates a pairing code; you enter it in the dashboard;
the API key is auto-provisioned to that agent.
shell
$ pip install carapace-cli
$ carapace install
# Pairing code: AKP-7321
# Enter at: carapace.io/ui/device-flow/
✓ Agent "Orion" connected — API key provisioned
$ carapace install
# Pairing code: AKP-7321
# Enter at: carapace.io/ui/device-flow/
✓ Agent "Orion" connected — API key provisioned
OpenClaw
Then open ClaWHub, search Carapace, and install the skill. Restart OpenClaw — no JSON config needed.
2
Add Carapace to your MCP config
For non-OpenClaw clients: add the Carapace MCP server to your config file.
The API key from step 1 goes in the Authorization header.
json — mcp config
{
"mcpServers": {
"carapace": {
"url": "https://carapace.io/api/mcp/http",
"headers": {
"Authorization": "Bearer agk_..."
}
}
}
}
"mcpServers": {
"carapace": {
"url": "https://carapace.io/api/mcp/http",
"headers": {
"Authorization": "Bearer agk_..."
}
}
}
}
3
Agent calls a tool
Your agent calls
request_transfer, request_pay_bill,
or any registered action. It gets an approval URL back. Nothing executes yet.
mcp tool call → response
// Agent calls:
request_transfer({
amount: 850,
destination: "acme_corp_ach",
note: "Q1 vendor payment"
})
// Returns:
{ approve_url: "carapace.io/ui/approvals/0a1b",
status: "pending_approval" }
request_transfer({
amount: 850,
destination: "acme_corp_ach",
note: "Q1 vendor payment"
})
// Returns:
{ approve_url: "carapace.io/ui/approvals/0a1b",
status: "pending_approval" }
4
Owner reviews & decides
Open the approval URL — from a notification or directly. Full context:
amount, destination, agent's note, spending-limit check, and expiry.
One click to approve or deny.
Amount & destination
Agent's note
Limit check
Expiry countdown
One-click decision
5
Agent detects approval & executes
Approval alone does not move money. The agent must poll
approvals_inbox
to detect the approval, then call execute_approved_action to trigger
execution. Run approvals_inbox on a heartbeat after requesting any action.
mcp tool calls
// Poll for approvals (use on heartbeat)
approvals_inbox()
// → { approved: [{ request_id: "0a1b", status: "approved" }] }
// Execute — this is what moves money
execute_approved_action({ request_id: "0a1b" })
// → { status: "completed", amount: 850, rail: "ach" }
approvals_inbox()
// → { approved: [{ request_id: "0a1b", status: "approved" }] }
// Execute — this is what moves money
execute_approved_action({ request_id: "0a1b" })
// → { status: "completed", amount: 850, rail: "ach" }
Supported rails
ACH
account_number
routing_number
account_type
1–3 business days · free
Wire
swift
account_number
bank_name
Same day · fee applies
Crypto
address
chain
Minutes · gas fee
Tools reference
Financial actions
require owner approval
request_demo_transfer—simulated transfer, no money moves — start here
request_transfer—ACH, wire, or crypto transfer
request_pay_bill—payment to a saved or proposed payee
request_create_payee—add a new payment destination
Read / query
no approval needed
whoami—identity, envelope, accounts, pending count
get_balances—current account balances
list_transactions—transaction history
get_deposit_instructions—how to fund this agent's account
get_activity—combined activity + audit summary
Approval lifecycle
the execution loop
approvals_inbox—pending + approved-but-unexecuted requests
execute_approved_action—execute after owner approves
get_action_request—status of a specific request
Agent management
require owner approval
request_update_agent_limits—change spending envelope
request_provision_agent_account—add virtual account or wallet
request_suspend_agent—temporarily suspend an agent
request_revoke_agent—permanently revoke an agent
Setup & identity
no approval needed
get_kyc_status—owner's verification status
request_kyc—trigger KYC for the owner
get_connect_url—browser management URL for connecting
get_manage_keys_url—browser URL for managing API keys
The HITL model — how trust is maintained
- Agents can request any action. The owner stays in the approval seat — every time, no exceptions. No agent can approve its own request.
- Financial firewall: each agent gets its own provisioned account funded only with what the owner explicitly loads into it. Even full key compromise can't drain past zero.
- Spending envelopes (per-transaction cap and daily cap) are enforced at execution time, not just checked at request time.
- Every request, approval, denial, and execution is logged immutably. Full audit trail, no rotation.