
OpenClaw Integration

Use Nefia as an MCP server for OpenClaw to manage remote PCs from your AI assistant.

OpenClaw is an open-source autonomous AI agent that connects large language models to your local environment. By registering Nefia as an MCP server, OpenClaw gains the ability to execute commands, manage files, and orchestrate workflows across all your remote PCs — with full policy enforcement and audit logging.

Prerequisites

Before connecting OpenClaw to Nefia, make sure the following are in place:

  1. Nefia is installed and configured on your operator PC with at least one target host enrolled.
  2. OpenClaw is installed and running on the same machine. See the OpenClaw documentation for installation instructions.
  3. You are logged in to Nefia. Run nefia login before starting the MCP server. If you skip this step, the server exits silently and OpenClaw will not see any tools.

Configuration

Add Nefia to your openclaw.json configuration file:

json
{
  "mcpServers": {
    "nefia": {
      "command": "nefia",
      "args": ["mcp", "serve"]
    }
  }
}

Windows

On Windows, some MCP clients cannot execute .exe files directly. Use the cmd /c wrapper:

json
{
  "mcpServers": {
    "nefia": {
      "command": "cmd",
      "args": ["/c", "nefia", "mcp", "serve"]
    }
  }
}

Available Tools

Once connected, OpenClaw discovers all 207 Nefia MCP tools automatically:

| Category | Tools |
| --- | --- |
| Session | session.open, session.close, session.summary, session.list |
| Execution | exec, exec.sudo, cancel |
| File System | fs.read, fs.write, fs.patch, fs.list, fs.stat, fs.copy, fs.move, fs.grep, fs.du, fs.find, fs.tail, fs.mkdir, fs.remove, fs.chmod, fs.chown, fs.stream_read, fs.stream_write, fs.stream_read_resumable, fs.stream_write_resumable, fs.symlink, fs.readlink, fs.archive.create, fs.archive.extract, fs.diff |
| Multi-Host File | push, sync |
| Host Inventory | hosts.list, hosts.show, hosts.update, hosts.groups, hosts.import, hosts.remove, hosts.refresh |
| Playbooks | playbook.run, playbook.list, playbook.show, playbook.validate |
| System Info | facts, sys.processes, sys.services, sys.ports, sys.users, sys.logs, sys.logs.search, sys.service.control, sys.network, sys.disk, sys.env, sys.kill, sys.group.list |
| Package Mgmt | sys.package.list, sys.package.install, sys.package.remove |
| User Mgmt | sys.user.create, sys.user.modify, sys.user.delete |
| Cron | sys.cron.list, sys.cron.create, sys.cron.delete |
| Service Mgmt | sys.service.enable, sys.service.disable, sys.service.reload, sys.service.logs, sys.service.show |
| Network Diag | net.ping, net.traceroute, net.dns, net.connections, net.listen |
| Firewall | net.firewall.list, net.firewall.add, net.firewall.remove, net.firewall.status |
| System Update | sys.update.check, sys.update.apply, sys.hostname, sys.time, sys.sysctl.list, sys.sysctl.set |
| Mount | sys.mount.list, sys.mount, sys.umount |
| Container | container.list, container.logs, container.start, container.stop, container.restart, container.inspect |
| VPN & Connectivity | vpn.status, vpn.diagnose, vpn.ping, vpn.revoke, vpn.key.rotate, vpn.config, vpn.enroll_status, vpn.invite, vpn.invite_list, vpn.invite_revoke, vpn.peer.stats, netcheck, conn.health |
| Policy | policy.test, policy.test_batch, policy.capabilities |
| JIT Access | jit.request, jit.list |
| Audit | audit.search, audit.export, audit.verify |
| Agent | agent.status, agent.upgrade, agent.pin |
| Schedule | schedule.list, schedule.create, schedule.delete, schedule.show, schedule.update, schedule.enable, schedule.disable, schedule.history, schedule.trigger |
| Queue | queue.list, queue.show, queue.cancel, queue.retry |
| Diagnostics | status, doctor, explain, validate, recording.list, recording.show, recording.delete, recording.export |
| Reactor | reactor.status, reactor.events, reactor.rule.create, reactor.rule.delete, reactor.rule.enable |
| Power | power.wake, power.reboot, power.shutdown |
| Security | secrets.list, secrets.test, compliance.report |
| Device Security | device_lock.status, device_lock.verify, device_lock.init, device_lock.sign, device_lock.revoke, posture.check |
| Configuration | config.show |
| Webhooks | webhook.list, webhook.test, webhook.create, webhook.update, webhook.delete |
| Backup | backup.list, backup.create, backup.verify, backup.restore |
| Composite | run, investigate, file.deploy, service.deploy, config.apply, system.baseline, system.health |
| Cluster Mgmt | cluster.init, cluster.status, cluster.members, cluster.add_peer, cluster.remove_peer |
| SSH CA | sshca.init, sshca.sign_user, sshca.sign_host, sshca.status, sshca.trust, sshca.server_snippet |
| Mutual TLS | mtls.init, mtls.issue_client, mtls.status, mtls.revoke |
| Team Mgmt | team.current, team.list, team.use, team.create, team.invite, team.join, team.members, team.leave, team.role |
| Profile Mgmt | profile.list, profile.show, profile.create, profile.delete, profile.set_default |
| Discovery | tools.schema, approval.check |
| Approval | approval.list, approval.respond |

All tool names are prefixed with nefia. (e.g., nefia.exec, nefia.fs.read).

For detailed tool schemas, see the MCP Protocol Reference.

Security Considerations

OpenClaw's skill ecosystem has had reported security incidents including data exfiltration and prompt injection through third-party skills. When connecting Nefia, apply defense-in-depth:

1. Enforce Strict Policies

Define explicit allow/deny rules in your nefia.yaml to limit what OpenClaw can do:

yaml
policy:
  mode: enforce
  deny_commands:
    - "^rm -rf /$"
    - "^mkfs\\."
    - "^shutdown"
    - "^reboot"
  allow_commands:
    - "^ls "
    - "^cat "
    - "^systemctl status"
  deny_paths:
    - "^/etc/shadow$"
    - "^/etc/passwd$"
  allowed_roots:
    - "^/home/"
    - "^/var/www/"
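
An added example (not Nefia's code) that replays the patterns above against commands from this page's update workflow and a few constructed samples. It assumes deny patterns are checked first, then the allow list, with default deny, all against the raw command string; `ALLOW_STRICT` and the sample commands are constructed here. The page lists nefia.policy.test and nefia.policy.test_batch for checking the same inputs against the real engine.

```python
import re

# Patterns copied from the policy block above (YAML "\\." is the regex \.).
DENY = [r"^rm -rf /$", r"^mkfs\.", r"^shutdown", r"^reboot"]
ALLOW = [r"^ls ", r"^cat ", r"^systemctl status"]

# Constructed tighter allow list: anchored at both ends, and the argument
# character class leaves out shell metacharacters such as ; & | $ ` > <.
ALLOW_STRICT = [
    r"^ls( -[A-Za-z]+)*( [\w./-]+)+$",
    r"^systemctl status [\w@.-]+$",
]


def decide(cmd, allow=ALLOW, deny=DENY):
    """Assumed model: deny wins, then the allow list, else default deny."""
    for pat in deny:
        if re.search(pat, cmd):
            return ("deny", pat)
    for pat in allow:
        if re.search(pat, cmd):
            return ("allow", pat)
    return ("deny", "no allow rule matched")


# Commands from this page's update workflow, plus constructed samples.
SAMPLES = [
    "apt list --upgradable 2>/dev/null | head -20",  # workflow step 3
    "sudo apt upgrade -y",                           # workflow step 4
    "systemctl status nginx",                        # constructed
    "ls /var/www",                                   # constructed
    "ls /var/www && reboot",                         # constructed: chained command
    "cat /etc/shadow",                               # path listed under deny_paths
]


def report(allow=ALLOW):
    """Map each sample command to its verdict under the given allow list."""
    return {cmd: decide(cmd, allow)[0] for cmd in SAMPLES}


if __name__ == "__main__":
    for label, allow in (("page policy", ALLOW), ("strict allow list", ALLOW_STRICT)):
        print(label)
        for cmd, verdict in report(allow).items():
            print(f"  {verdict:5}  {cmd}")
```

Under that model the allow list decides the outcome: the workflow's apt commands are denied until matching allow rules exist, while anything that begins with `ls ` or `cat ` is accepted whatever follows. Whether deny_paths is also applied to exec arguments is not stated on this page, so test that case against the real engine.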

2. Enable Approval Workflows

Require human approval for sensitive operations:

yaml
mcp:
  approval:
    enabled: true
    default_timeout: 120s
    rules:
      - tools: ["nefia.exec"]
        require_approval: true
      - tools: ["nefia.fs.read", "nefia.fs.list", "nefia.fs.stat"]
        require_approval: false

With approvals enabled, OpenClaw pauses and waits for your confirmation before executing commands. Read-only operations can be exempted to keep the workflow smooth.

3. Use Rate Limiting

Prevent runaway automation with rate limits:

yaml
mcp:
  rate_limit:
    rate: 1.0
    burst: 10

4. Monitor Audit Logs

Every operation OpenClaw performs through Nefia is recorded in the append-only audit log with hash-chain integrity. Review logs regularly:

bash
nefia audit show --tail 50

For real-time monitoring, forward logs to your SIEM platform. See SIEM Integration.

5. Restrict Third-Party Skills

Only install OpenClaw skills from trusted sources. Avoid skills that request broad filesystem or network access. Nefia's policy engine provides a second layer of defense, but preventing malicious skill installation is the first line of protection.

Example: OpenClaw Managing Server Updates

Here is a practical workflow where OpenClaw uses Nefia to update packages across a fleet:

1. OpenClaw discovers available hosts:

plaintext
User: "Check which servers need security updates and apply them."
OpenClaw → nefia.hosts.list

2. It gathers system facts from each host:

plaintext
OpenClaw → nefia.facts (target: "tag:production")
→ Returns OS version, uptime, package manager info for each host

3. It checks for available updates:

plaintext
OpenClaw → nefia.exec (target: "tag:production", command: "apt list --upgradable 2>/dev/null | head -20")
→ 3 hosts have pending security updates

4. It applies updates (triggers approval if configured):

plaintext
OpenClaw → nefia.exec (target: "host:prod-web-1", command: "sudo apt upgrade -y")
⏳ Waiting for operator approval...
✓ Approved — executing on prod-web-1

5. It verifies the updates:

plaintext
OpenClaw → nefia.exec (target: "tag:production", command: "uptime && apt list --upgradable 2>/dev/null | wc -l")
→ All hosts up-to-date, no pending updates

Every step is policy-checked, audited, and sandboxed. If OpenClaw attempts a denied operation, Nefia blocks it and returns a structured error with an explanation.

Comparison with Other MCP Clients

| Feature | OpenClaw | Claude Code | Claude Desktop | Codex CLI |
| --- | --- | --- | --- | --- |
| Autonomous execution | Yes (always-on agent) | Yes (interactive) | Yes (interactive) | Yes (interactive) |
| Messaging integration | WhatsApp, Discord, Slack | Terminal | Desktop app | Terminal |
| Runs 24/7 | Yes | No (session-based) | No (session-based) | No (session-based) |
| MCP support | Native | Native | Native | Native |
| Approval workflow | Via Nefia | Via Nefia | Via Nefia | Via Nefia |

Troubleshooting

OpenClaw cannot find Nefia tools

  • Verify nefia is in PATH: which nefia
  • Check that you are logged in: nefia login
  • Try using the full binary path in openclaw.json

Operations are silently failing

  • Check Nefia audit logs: nefia audit show --tail 20
  • Verify policy rules are not blocking the operations
  • Check that VPN tunnels are active: nefia vpn status

Rate limit errors

If OpenClaw receives retry_after_ms errors, increase the rate limit in nefia.yaml or configure OpenClaw to respect the backoff interval.
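
An added simulation (not Nefia's implementation) of what the `rate: 1.0` / `burst: 10` setting from the rate-limiting section admits, and of a client that waits out `retry_after_ms` compared with one that ignores it. It assumes token-bucket semantics with `rate` in calls per second, which this page does not state; the class and function names are constructed here.

```python
import math


class TokenBucket:
    """Assumed model: refill `rate` tokens per second, capacity `burst`."""

    def __init__(self, rate=1.0, burst=10):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def take(self, now):
        """Return 0 if admitted, else how long to wait in ms (retry_after_ms)."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0
        return math.ceil((1.0 - self.tokens) / self.rate * 1000)


def simulate(calls, interval, honor_backoff, rate=1.0, burst=10):
    """Push `calls` tool calls through the bucket on a simulated clock.

    Returns (admitted, rejected, seconds_elapsed).
    """
    bucket = TokenBucket(rate, burst)
    now, admitted, rejected, pending = 0.0, 0, 0, calls
    while pending:
        wait_ms = bucket.take(now)
        if wait_ms == 0:
            admitted += 1
            pending -= 1
            now += interval
        elif honor_backoff:
            rejected += 1
            now += wait_ms / 1000  # wait as told, then retry the same call
        else:
            rejected += 1
            pending -= 1           # runaway client: call is lost, next one fires
            now += interval
    return admitted, rejected, round(now, 3)


if __name__ == "__main__":
    # 40 calls, one every 250 ms, against the page's rate: 1.0 / burst: 10.
    print("ignores backoff:", simulate(40, 0.25, honor_backoff=False))
    print("honors backoff: ", simulate(40, 0.25, honor_backoff=True))
```

In this model the burst is spent within the first few seconds and the agent is then held to one call per second; honoring the interval completes every call, only more slowly, which is usually preferable to raising the limit.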

MCP Integration

General MCP server setup for all AI agent clients.

Policy Engine

Configure command, path, and host restrictions for AI agents.

Audit Logging

Monitor all AI agent activity with tamper-proof audit logs.

SIEM Integration

Forward audit logs to Splunk, Datadog, or custom webhooks.