> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation.
>
> - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install <auth-type>@scalekit-auth-stack`
> - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install <auth-type>@scalekit-auth-stack`
> - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `<auth-type>`
> - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill <skill-name>`
>
> `<auth-type>` / `<skill-name>`: `agent-auth`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/)

---

# OpenClaw skill

```d2
direction: right

OpenClaw: "OpenClaw agent" {
  style.font-size: 18
}

Scalekit: {
  label: "Scalekit Agent Auth"
  Auth: "OAuth handler"
  Vault: "Token vault"
}

Providers: {
  label: "Third-party services"
  LinkedIn: "LinkedIn"
  Gmail: "Gmail"
  Salesforce: "Salesforce"
  More: "50+ more"
}

OpenClaw -> Scalekit.Auth: "Execute tools"
Scalekit.Vault -> Providers.LinkedIn
Scalekit.Vault -> Providers.Gmail
Scalekit.Vault -> Providers.Salesforce
Scalekit.Vault -> Providers.More
```

Use the Scalekit Agent Auth skill for [OpenClaw](https://github.com/scalekit-inc/openclaw-skill) to let your AI agents execute actions on third-party services directly from conversations. Search LinkedIn, read Notion pages, send Slack messages, query Snowflake, and more — all through Scalekit Connect without storing tokens or API keys in your agent.
**Security considerations for AI agents:** Scalekit stores tokens and API keys securely with full audit logging. OpenClaw, like all AI agent frameworks, is vulnerable to prompt injection and other agent-level attacks. Follow security best practices to protect your instance.

When you ask Claude to interact with a third-party service, the skill:

- Finds the configured provider in Scalekit (e.g., [Gmail connection setup](/reference/agent-connectors/gmail/)) and identifies which connection to use based on the requested action
- Checks if the connection is active. For OAuth connections, it generates a magic link for new authorizations. For API key connections, it provides Dashboard guidance for setup
- Retrieves available tools and their parameter schemas for the provider, determining what actions are possible
- Calls the right tool with the correct parameters and returns the result to your conversation
- If no tool exists for the action, routes the request through Scalekit's HTTP proxy, making direct API calls on your behalf
**Automatic auth flow detection:** The skill automatically detects whether a connection uses OAuth or an API key and applies the correct auth flow — no configuration needed.

Your agent never stores tokens or API keys. Scalekit acts as a token vault, managing all OAuth tokens, API keys, and credentials. The skill retrieves only what it needs at runtime, scoped to the requesting user.

## Prerequisites

- [OpenClaw](https://openclaw.ai) installed and configured
- A Scalekit account with Agent Auth enabled — [sign up at app.scalekit.com](https://app.scalekit.com)
- `python3` and `uv` available in your PATH

## Get started

1. ## Install the skill

   Install the skill from ClawHub:

   ```bash showLineNumbers=false
   clawhub install scalekit-agent-auth
   ```

2. ## Configure credentials

   Add your Scalekit credentials to `.env` in your project root:

   ```bash title=".env"
   TOOL_CLIENT_ID=skc_your_client_id      # Your Scalekit client ID
   TOOL_CLIENT_SECRET=your_client_secret  # Your Scalekit client secret
   TOOL_ENV_URL=https://your-env.scalekit.cloud  # Your Scalekit environment URL
   TOOL_IDENTIFIER=your_default_user_identifier  # Default user context for tool calls
   ```

   | Parameter | Description |
   |-----------|-------------|
   | `TOOL_CLIENT_ID` | Your Scalekit client ID Required |
   | `TOOL_CLIENT_SECRET` | Your Scalekit client secret Required |
   | `TOOL_ENV_URL` | Your Scalekit environment URL Required |
   | `TOOL_IDENTIFIER` | Default user context for all tool calls Recommended |
**Environment variable security:** Never commit `.env` files to version control. Add `.env` to your `.gitignore` file to prevent accidental exposure of credentials.

3. ## Usage

   ```txt showLineNumbers=false
   You: Show me my latest unread emails
   ```

   OpenClaw will automatically:

1. Look up the `GMAIL` connection
2. Verify it's active (or generate a magic link to authorize if needed)
3. Fetch the `gmail_list_emails` tool schema
4. Return your latest unread emails
   ```txt showLineNumbers=false
   You: Read my Notion page https://notion.so/My-Page-abc123
   ```

   OpenClaw will:

1. Look up the `NOTION` connection
2. If not yet authorized, generate a magic link for you to complete OAuth
3. Fetch the `notion_page_get` tool schema
4. Return the page content
   ## Supported providers

Any provider configured in Scalekit works with the OpenClaw skill — including Notion, Slack, Gmail, Google Sheets, GitHub, Salesforce, HubSpot, Linear, Snowflake, Exa, HarvestAPI, and 50+ more.

[Browse connections](/guides/integrations/agent-connectors)
  [ClawHub listing](https://clawhub.dev/skills/scalekit-agent-auth)
## Common scenarios

<details>
<summary>How do I authorize a new connection?</summary>

When you request an action for a connection that isn't yet authorized, the skill automatically generates a magic link. Click the link to complete OAuth authorization in your browser. After authorization, return to your OpenClaw conversation and retry the action.

For API key-based connections (like Snowflake), you'll need to configure credentials directly in the Scalekit Dashboard under **Connections**.

</details>

<details>
<summary>How do I switch between different user contexts?</summary>

Set `TOOL_IDENTIFIER` in your `.env` file to define a default user context. All tool calls will execute with that user's permissions and connected accounts.

To use a different user context for a specific conversation, you can override the identifier by setting it in your OpenClaw configuration or passing it as a parameter when invoking the skill.

</details>

<details>
<summary>Why am I seeing a "connection not found" error?</summary>

This error occurs when the skill cannot find a configured connection for the requested provider. Check the following:

1. **Verify the connection exists** — Go to **Dashboard > Connections** and confirm the provider is configured
2. **Check connection status** — Ensure the connection shows as "Active" in the dashboard
3. **Verify environment** — Confirm you're using the correct `TOOL_ENV_URL` for your environment

</details>

<details>
<summary>How do I debug tool execution issues?</summary>

Enable debug logging in your OpenClaw configuration to see detailed information about tool calls:

```bash showLineNumbers=false
TOOL_DEBUG=true
```

This logs the tool name, parameters, and response for each execution, helping you identify issues with parameter formatting or API responses.

</details>

---

## More Scalekit documentation

| Resource | What it contains | When to use it |
|----------|-----------------|----------------|
| [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content |
| [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas |
| [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |