OPENCLAW × ZAPIER MCP

The safe way to give OpenClaw access to your business

One MCP connection. 9,000+ apps. Per-tool permissions. Zero credentials exposed to the agent.

Direct API access is how people get burned

Plugging Gmail, Slack, Notion and HubSpot API keys straight into an autonomous agent feels fast. It's also the move that gets your inbox wiped, your CRM cleared, or a Slack channel posted into at 3am.

One prompt injection inside an email body, a website the agent reads, or a calendar invite, and whoever wrote it is steering an agent with full send-and-delete rights across your stack.

The fix is to put a layer between OpenClaw and your apps. That layer is Zapier MCP.

TREAT YOUR MCP URL LIKE A PASSWORD

Zapier's own warning. Anyone with your MCP URL can run every action you've enabled, on your account. Don't share it. Don't paste it into screenshots. Rotate it the moment you suspect a leak.

A scoped Zapier MCP server, wired to OpenClaw

By the end you'll have a single MCP endpoint exposing only the actions you whitelist (e.g. gmail_create_draft, slack_send_dm, notion_find_page), with no send or delete actions inside the blast radius.

STEP 01

Spin up a Zapier MCP server

Head to mcp.zapier.com (sign in with the same Zapier account that holds your app connections).

https://mcp.zapier.com

Click + New MCP Server. In the MCP Client dropdown pick Other (OpenClaw isn't in the preset list, but the connection works the same way). Name it something like openclaw-prod so you can spot it later.

Pro move: spin up two servers. One openclaw-readonly for any agent run that just needs to look around, and one openclaw-write for jobs that need to actually do something. Smaller blast radius per workflow.

STEP 02

Add the apps you want OpenClaw to touch

In the Configure tab of your new server, search and add the actions for each app. Every action you add becomes a callable tool on the MCP endpoint, so only enable what this server actually needs.

A sane starter set for a business operator running OpenClaw 24/7:

  • Gmail — Find Email, Create Draft
  • Slack — Find Message, Send Direct Message (to yourself only)
  • Notion — Find Page, Find Database Item
  • HubSpot — Find Contact, Find Deal
  • Google Drive — Find a File

Heads up: every successful tool call burns 2 Zapier tasks. Budget accordingly if you're running an agent on a loop.

STEP 03

Scope the permissions per tool (the safety move)

This is the step most people skip, and it's where most people get burned. For each app, decide what the agent is allowed to do and, crucially, what it isn't.

Default rule: if the action can't be undone in under 30 seconds, leave it off.

App            Allow                               Block
Gmail          find email, create draft            send email, delete email
Slack          find message, send DM (self)        post to channel, delete message
Notion         find page, find database item       create page, update, archive
HubSpot        find contact, find deal             delete contact, update lifecycle stage
Google Drive   find file                           delete file, change sharing

If a prompt injection ever lands inside an email, the worst-case outcome under this config is a draft sitting in your drafts folder. You see it. You delete it. Done.

STEP 04

Grab your MCP server URL

Open the Connect tab on your server. You'll see a URL that looks like this:

https://mcp.zapier.com/api/mcp/s/<your-server-id>/mcp

Copy it. This single URL is the only thing OpenClaw needs. Your Gmail OAuth token, Slack token, Notion key and HubSpot key all stay locked inside Zapier — OpenClaw never sees them.

If anything ever feels off, hit the Rotate secret icon on the Connect tab. New URL, old one is dead instantly. One rotation kills access to all 9,000+ apps. Try doing that with twelve separate API keys.

STEP 05

Wire it into OpenClaw

OpenClaw reads its config from ~/.openclaw/openclaw.json. Open it and add a Zapier server under the mcp.servers block:

{
  "mcp": {
    "servers": {
      "zapier": {
        "url": "https://mcp.zapier.com/api/mcp/s/<id>/mcp",
        "transport": "streamable-http"
      }
    }
  }
}

Or do it from the CLI without touching the file:

openclaw mcp set zapier --url <your-mcp-url> --transport streamable-http

Then verify the connection:

openclaw mcp status

You should see your Zapier server listed and the tools you enabled showing up as available.
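A local check to run after wiring the server in, as an added example (not code from this page, OpenClaw or Zapier): it audits the mcp.servers block for file permissions, URL host and transport, and compares a list of exposed tool names against the Allow column from Step 03. Assumptions: only gmail_create_draft, slack_send_dm and notion_find_page are names given on this page, the other tool names are hypothetical, the exposed-tool list is typed in by hand, and the permission check assumes POSIX file modes.

```python
import json, os, stat, tempfile
from urllib.parse import urlparse

# Allow column of the Step 03 table. Only three of these names appear on this
# page; the others are hypothetical names following the same pattern.
ALLOWED_TOOLS = {
    "gmail_find_email", "gmail_create_draft",
    "slack_find_message", "slack_send_dm",
    "notion_find_page", "notion_find_database_item",
    "hubspot_find_contact", "hubspot_find_deal",
    "google_drive_find_file",
}

def audit_config(path):
    """Return a list of findings for the mcp.servers block of an OpenClaw config."""
    findings = []
    # The file holds the MCP URL, which works like a password: owner-only access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:o} lets other users read the MCP URL")
    with open(path) as fh:
        servers = json.load(fh).get("mcp", {}).get("servers", {})
    for name, server in servers.items():
        url = urlparse(server.get("url", ""))
        if url.scheme != "https":
            findings.append(f"{name}: URL is not https")
        if url.hostname != "mcp.zapier.com":
            findings.append(f"{name}: unexpected host {url.hostname!r}")
        if server.get("transport") != "streamable-http":
            findings.append(f"{name}: transport is {server.get('transport')!r}")
    return findings

def unexpected_tools(exposed):
    """Tools the endpoint exposes that are not on the allowlist."""
    return sorted(set(exposed) - ALLOWED_TOOLS)

def demo():
    # Constructed sample: a world-readable config still using the older sse transport.
    cfg = {"mcp": {"servers": {"zapier": {
        "url": "https://mcp.zapier.com/api/mcp/s/EXAMPLE-ID/mcp", "transport": "sse"}}}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "openclaw.json")
        with open(path, "w") as fh:
            json.dump(cfg, fh)
        os.chmod(path, 0o644)
        return audit_config(path)

if __name__ == "__main__":
    print(demo(), unexpected_tools(["gmail_create_draft", "gmail_send_email"]))
```

The findings name the file and server but never print the URL itself, so the output is safe to paste into a ticket.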

STEP 06

Test with a read-only prompt first

Don't trust the wiring on day one with anything that writes. Start with something completely safe:

Find the most recent email from Stripe in my Gmail and tell me what it was about. Don't draft anything.

Once OpenClaw returns a clean answer, open History on your Zapier dashboard. Every MCP call is logged there with the exact action, parameters, and result. This is your audit trail forever.

Want an extra layer? Add AI Guardrails by Zapier to your server. It scans for prompt injection attempts, PII leaks and toxic content before the action runs. Free, native, takes 60 seconds to enable.

Five things you get for free

  • Credentials never touch the agent. Zapier holds the OAuth tokens. OpenClaw only ever sees one URL.
  • One key to rotate. Compromised? Click rotate. Done. No racing through twelve dashboards revoking tokens.
  • Per-action whitelisting. The agent literally cannot call an action you didn't enable. The blast radius is fixed at config time, not runtime.
  • Full audit log. Every call shows up in your Zapier History tab. You can review what the agent did at 3am while you were asleep.
  • 9,000+ apps, one connection. Adding a new app later means adding an action in Zapier, not running another OAuth dance with another vendor.

Quick checks before you panic

  • Tools not showing up in OpenClaw? Run openclaw mcp status. If the server is connected but tool count is zero, the actions aren't enabled in Zapier. Go back to the Configure tab and toggle them on.
  • Connection failing? The transport must be streamable-http. Older configs sometimes default to sse — switch it.
  • Tasks burning through fast? Each tool call is 2 tasks. Cap your agent loops or upgrade your Zapier plan.
  • Anything weird in the History log? Rotate the secret immediately. Then audit. Then re-issue the new URL to OpenClaw.

Ready to wire it up?

Zapier MCP is included on every plan, including the free tier. Spin up your first server in five minutes — then come learn the broader system inside AI Systems Lab.
