Agent skill

Let your agent drive AIronClaw.

A drop-in skill that teaches Claude Code, the Claude Agent SDK, OpenClaw, or any compatible AI agent to manage your MCP servers, LLM proxies, firewall rules, API keys, and audit logs through the same REST API the dashboard uses — authenticated with a personal access token you generate once.

1 token
Issued from the dashboard
1 command
Installs the skill locally
0 shared secrets
Token stays on your machine
Install

One command. Then restart your agent.

The installer fetches every file from this site into ~/.claude/skills/aironclaw/ and makes the wrapper script executable. To install for the current project only, prepend AIRONCLAW_SKILL_DIR="$PWD/.claude/skills/aironclaw".

curl -fsSL https://aironclaw.com/skill/install.sh | bash

Prefer not to pipe a remote script to bash? Download the files one by one from the list further down — there is nothing magical in the installer beyond mkdir, curl, and chmod +x.

Get your token

Generate a personal access token.

  1. Open the Profile page and sign in.
  2. Scroll to REST API Access → click Generate token.
  3. Copy the plaintext from the amber banner — it is shown exactly once.
  4. Export it in your shell:
export AIRONCLAW_TOKEN="<paste-here>"
export AIRONCLAW_BASE_URL="https://dashboard.aironclaw.com"

The server stores only a SHA-256 hash; if you lose the plaintext, rotate to issue a fresh token (the previous one is invalidated immediately).

What it gives the agent

Full management parity with the dashboard, on your behalf.

  • Create, configure, and delete MCP servers
  • Discover and refresh upstream MCP tools
  • Mint scoped client API keys (per-tool or per-model)
  • Configure firewall rules: IP ACLs, rate limits, DLP, prompt guards, lambdas, caches
  • Create and manage LLM proxies for OpenAI, Anthropic, Google, Mistral
  • Set per-proxy and per-key budgets, read live spend
  • Inspect the audit log feed and conversation logs
  • Expose synthetic MCP resources and inject them into tool responses
  • Force DNS re-resolves and cache drains on demand
Skill files

Everything that ships with the skill.

Public, versioned, raw. Nothing is hidden behind the installer.

SKILL.md

Entrypoint loaded by the agent.

api-reference.md

Every endpoint with request and response shapes.

mcp-lifecycle.md

MCP server: create, configure, operate.

llm-lifecycle.md

LLM proxy: create, budget, observe.

rules-and-dlp.md

Schema for every firewall rule type with worked examples.

permissions-and-keys.md

Tag model and how to scope client API keys.

errors.md

Status codes and remediation.

Scripts

scripts/aironclaw

Bash CLI wrapper (aironclaw mcp list, aironclaw whoami, ...).

create-mcp.sh

Register an MCP, discover tools, mint a scoped key.

configure-firewall-rule.sh

IP allow-list + rate limit + email DLP redaction.

create-llm-proxy-with-budget.sh

OpenAI proxy with allowed models and a monthly cap.

tail-logs.sh

Follow the audit log feed.

Security model

What the token can't do.

A personal access token grants full management of your account on behalf of you, but it is deliberately scoped:

  • Cannot enable, disable, or verify 2FA — those endpoints reject the token with HTTP 403. TOTP enrolment lives in the dashboard only.
  • Cannot rotate or read its own existence — /api/profile/token is session-only, so a stolen token cannot perpetuate access.
  • Cannot reach proxy traffic. The token works only against /api/* management routes; calls to MCP tools or LLM completions still require a separate, scoped client API key.
  • Stored only as a SHA-256 hash on the server. Plaintext is shown once at generation. Lost tokens are rotated, never recovered.