MCP Server

The 1claw MCP server (@1claw/mcp) implements the Model Context Protocol to give AI agents secure, just-in-time access to secrets stored in a 1claw vault — and a standalone security scanner for detecting malicious LLM content.

Secrets are fetched at runtime and never persisted in the LLM context window beyond the moment they are used. The inspect_content tool can run without vault credentials, making it available to anyone running local models.

How it works

┌──────────────┐         MCP protocol          ┌──────────────┐
│  AI Agent    │ ◀─────────────────────────────▶│  1claw MCP   │
│  (Claude,    │   list_secrets, get_secret,    │  Server      │
│   Cursor,    │   put_secret, rotate_and_store │              │
│   GPT, etc.) │                                └──────┬───────┘
└──────────────┘                                       │
                                                       │ HTTPS
                                                       ▼
                                                ┌──────────────┐
                                                │  Vault API   │
                                                │ api.1claw.xyz│
                                                └──────────────┘

The AI agent calls an MCP tool (e.g. get_secret).
The MCP server authenticates with the vault API using an agent JWT (from agent ID + API key, or a static token).
The vault returns the decrypted secret value.
The MCP server passes the value back to the agent.
The agent uses the secret and discards it.

Transport modes

Mode	Use case	Auth	URL
stdio	Local — Claude Desktop, Cursor, any MCP client	Env vars	N/A (runs locally)
httpStream	Hosted — any MCP client with HTTP streaming support	Per-request headers	`https://mcp.1claw.xyz/mcp`
local-only	Security tools only — no vault credentials needed	None	N/A (runs locally)

Local-only mode

Set ONECLAW_LOCAL_ONLY=true to start the server with only the inspect_content tool. No 1claw account or API keys required. Useful for users running local models (Ollama, LM Studio, llama.cpp) who want threat detection without secret management.

{
    "mcpServers": {
        "1claw": {
            "command": "npx",
            "args": ["-y", "@1claw/mcp"],
            "env": {
                "ONECLAW_LOCAL_ONLY": "true"
            }
        }
    }
}

Tools

Tool	Description	Read/Write
`list_secrets`	List all secrets in the vault (metadata only, never values)	Read
`get_secret`	Fetch the decrypted value of a secret by path	Read
`put_secret`	Create or update a secret (creates a new version)	Write
`delete_secret`	Soft-delete a secret at a given path	Write
`describe_secret`	Get metadata (type, version, expiry) without fetching the value	Read
`rotate_and_store`	Store a new value for an existing secret and return the new version	Write
`get_env_bundle`	Fetch an `env_bundle` secret and parse its KEY=VALUE lines as JSON	Read
`create_vault`	Create a new vault	Write
`list_vaults`	List all accessible vaults	Read
`grant_access`	Grant a user or agent access to a vault	Write
`share_secret`	Share a secret with someone by email	Write
`inspect_content`	Analyze text for prompt injection, command injection, PII, and more	Read

Resources

URI	Description
`vault://secrets`	Browsable listing of all secret paths (metadata only, no values)

Next steps

Setup Guide — Install and configure the MCP server
Tool Reference — Detailed documentation for each tool
Security — Security model and best practices
Deployment — Deploy the hosted MCP server

How it works​

Transport modes​

Local-only mode​

Tools​

Resources​

Next steps​