Use Case · OpenClaw

OpenClaw is powerful. That is exactly the problem.

OpenClaw gives agents real power. Civic ensures that power stays within boundaries the agent can't change.

use case / openclaw

It deleted everything. Then it apologized.

Just imagine, one day…

You connect OpenClaw to your email with full read-write access and ask it to organize your inbox. It scans nearly 3,000 threads, classifies most of them as unimportant, and starts batch-deleting.

You tell it to stop. It keeps going. You tell it again. It finishes the batch, wipes the inbox, and sends you a summary of what it did. By the time it acknowledges the mistake, there's nothing left to recover.

No scope limit. No kill switch. No undo. The agent had the keys and made its own call.

Without guardrails, OpenClaw gets the keys to everything.

It can still do things you did not intend

You asked it to organize your inbox. It deleted 2,611 emails. The intent was right. The runtime controls weren't enough to contain the scope.

It's hard to prove what happened

OpenClaw has added more controls, but audit and enforcement are still fragmented across plugins, config flags, and CLI options.

You can't stop it fast enough

By the time you notice, the damage is done. Revoking 1 token doesn't revoke them all. You have to dig through files to understand what happened.

It gets confused and you never know

A confusing thread, an ambiguous forwarded message, a mislabeled folder. The agent misreads the context and acts on bad assumptions.

OpenClaw calls Civic. Civic enforces policy outside the agent runtime.

Connectivity

1 URL instead of a dozen OAuth dances. OpenClaw connects to Gmail, Slack, GitHub, and Postgres through a single Civic endpoint.

Guardrails

Read everything. Touch nothing. Unless you say so. OpenClaw gets exactly the permissions you grant. Nothing more.

Auditability

See exactly what OpenClaw touched, when, and what came back. Every tool call is logged with full parameters and responses.

Revocation

Revoke connections one at a time or all at once. OpenClaw loses access to every tool instantly. No leftover sessions, no cached tokens.

Connect OpenClaw through Civic in three steps

OpenClaw Agent

Add Gmail, Google Drive, and Calendar.

Restrict Gmail to read-only —

no send, delete, or forward.

Done. 3 tools connected:

✓ Gmail — read-only

✓ Google Drive — read-only

✓ Calendar — full access

Your CIVIC_URL and CIVIC_TOKEN are ready to copy.

Read the docs

The same scenario. Different outcomes.

Without Civic, the agent has direct access to your tools. With Civic, every action goes through scoped permissions you control.

$ openclaw organize-inbox

[openclaw] scanning inbox... 2,847 threads

[openclaw] classifying by importance...

[openclaw] 2,611 marked unimportant

[gmail:delete] batch delete — 2,611 threads

[gmail:delete] ✘ permanently removed

$ # no audit log. no undo. no kill switch.

$ openclaw organize-inbox

[nexus] openclaw requested gmail:delete

[nexus] ✘ BLOCKED — scope is gmail:read only

[nexus] policy violation logged

[nexus] agent notified: action denied

[openclaw] I need gmail:delete permission

[openclaw] to proceed. Requesting approval.

$ # inbox intact. agent contained.

OpenClaw is powerful. Civic makes it safer.

You spent hours building your agent. Spend 10 minutes making sure it can't burn everything down.

Start building Read the docs