ClawHub

Civic

v0.1.0

Connect to Civic MCP for 100+ integrations.

1· 279·1 current·1 all-time
by@civictechuser
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a Civic MCP bridge and the skill requires a CIVIC_URL and CIVIC_TOKEN plus either mcporter or npx to run the included TypeScript runner—these requirements match the described functionality and are proportionate.
Instruction Scope
SKILL.md instructs the agent (and the user) to run mcporter or npx tsx to call Civic tools and to store CIVIC_URL/CIVIC_TOKEN in ~/.openclaw/openclaw.json. That is expected for this bridge, but it means the token will be persisted on disk in the OpenClaw config if the user follows the instructions; users should be aware of that persistence.
Install Mechanism
No install spec in the registry (instruction-only), but the package includes a script and package.json/pnpm-lock.yaml. There is no opaque remote download URL; dependencies come from the npm ecosystem and a lockfile is present, which reduces uncertainty. Running the script uses npx/tsx and will rely on npm-installed dependencies at runtime—normal for this kind of tool.
Credentials
Only CIVIC_URL and CIVIC_TOKEN are required and CIVIC_TOKEN is declared as the primary credential—this is appropriate. Note: the token grants access to all Civic-connected integrations (Gmail, databases, Box, etc.), so its scope and privileges matter a lot even though only a single credential is requested.
Persistence & Privilege
Skill is not always-on and does not request elevated platform privileges. The SKILL.md asks the user to add credentials to ~/.openclaw/openclaw.json (user action), but the skill does not autonomously modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it connects an agent to a Civic MCP instance and either uses mcporter or runs the provided TypeScript runner. Before installing or enabling: 1) Only provide a Civic token with least privilege necessary (avoid admin/global tokens). 2) Be aware the SKILL.md suggests storing the token in ~/.openclaw/openclaw.json (plaintext on disk) — rotate and revoke tokens if you stop using the skill. 3) The token grants access to many downstream services (Gmail, databases, Box); check Civic scopes and trust the Civic account you connect. 4) If you plan to run the TypeScript runner, inspect the included civic-tool-runner.ts (present in the package) and prefer to run it in a controlled environment; installing global tools like mcporter or npm packages can execute code from npm—only install from trusted sources. 5) If you need higher assurance, request the skill publisher/source or verify release provenance (official Civic docs/domains) before use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Any binmcporter, npx
EnvCIVIC_URL, CIVIC_TOKEN
Primary envCIVIC_TOKEN
latestvk978fpxwrgcpmhxy7rt2paw4dd82czzx
279downloads
1stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@civictechuser
latest
Download

Civic MCP Bridge

⚠️ DISCLAIMER: Use at your own risk. For official documentation, visit docs.civic.com.

Connect to Civic for 100+ integrations including Gmail, PostgreSQL, MongoDB, Box, and more.

Setup

1. Get your Civic credentials

  1. Go to nexus.civic.com and sign in
  2. Get your MCP URL and access token from your profile settings

2. Configure in OpenClaw

Add to ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "civic": {
        "enabled": true,
        "env": {
          "CIVIC_URL": "https://nexus.civic.com/hub/mcp?accountId=YOUR_ACCOUNT_ID&profile=YOUR_PROFILE",
          "CIVIC_TOKEN": "your-access-token"
        }
      }
    }
  }
}

3. (Optional) Configure mcporter

If you have mcporter installed (npm install -g mcporter), add to ~/.openclaw/workspace/config/mcporter.json:

{
  "mcpServers": {
    "civic": {
      "baseUrl": "https://nexus.civic.com/hub/mcp?accountId=YOUR_ACCOUNT_ID&profile=YOUR_PROFILE",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN",
        "User-Agent": "openclaw/1.0.0"
      }
    }
  }
}

Instructions for the Agent

When the user asks to interact with external services through Civic, try mcporter first. If it fails, fall back to the TypeScript script.

Using mcporter

# List tools
mcporter list civic

# Search tools
mcporter list civic | grep gmail

# Call a tool
mcporter call 'civic.google-gmail-search_gmail_messages(query: "is:unread")'

Fallback: TypeScript script

# List tools
npx tsx {baseDir}/civic-tool-runner.ts --list

# Search tools
npx tsx {baseDir}/civic-tool-runner.ts --search gmail

# Get tool schema
npx tsx {baseDir}/civic-tool-runner.ts --schema google-gmail-search_gmail_messages

# Call a tool
npx tsx {baseDir}/civic-tool-runner.ts --call google-gmail-search_gmail_messages --args '{"query": "is:unread"}'

Authorization flows

Some tools require OAuth on first use. When you see an authorization URL:

  1. Show the URL to the user
  2. After they authorize, continue: 
    # mcporter
mcporter call 'civic.continue_job(jobId: "JOB_ID")'

# script
npx tsx {baseDir}/civic-tool-runner.ts --call continue_job --args '{"job_id": "JOB_ID"}'

Notes

  • API calls can take 10-15 seconds (server-side latency)
  • Tokens expire after ~30 days — regenerate from Civic if needed
  • Gmail batch requests limited to 5-25 messages per call

Comments

Loading comments...