BYO MCP — Bring Your Own MCP Servers

Every Curate-Me runner (cloud or connected machine) ships with @curate-me/mcp-server for governance tools. But you can also connect your own MCP servers to give agents access to custom tools — databases, internal APIs, proprietary systems, or any MCP-compatible tool server.

What Is MCP?

The Model Context Protocol (MCP) is an open standard for connecting AI agents to external tools. Think of it as USB for AI — any MCP server can plug into any MCP client (like OpenClaw) and immediately provide new capabilities.


Agent (OpenClaw) → MCP Client → MCP Server → Your Tool/API/Database

Built-In Governance MCP Server

Every runner includes @curate-me/mcp-server with 21+ tools across three tiers:

Tier 1 — Foundation (16 tools)

Tool	Description
`curate_check_budget`	Check daily LLM spend vs. org budget limit
`curate_get_status`	Get runner status, resource usage, active sessions
`curate_emit_event`	Log audit events to the control plane
`curate_install_skill`	Install skill packs (additional MCP servers, tools)
`curate_list_skills`	List available or installed skills
`curate_discover_peers`	Find other agents in your org via A2A registry
`curate_request_approval`	Flag high-cost operations for human approval
`curate_health_check`	Get MCP server health status
`curate_read_memory`	Read from session or org knowledge base
`curate_search_memory`	Semantic search across agent memory
`curate_screenshot`	Take a desktop screenshot (in-session)
`curate_timeline_record`	Record agent reasoning steps for time-travel debugging
`curate_credentials_read`	Get stored credentials from the vault
`curate_extended_thinking_start`	Enable extended thinking mode for complex tasks
`curate_session_recording_start`	Record session video/output for replay
`curate_debug_breakpoint`	Pause and inspect agent state

Tier 2 — Collaboration (5 tools)

Tool	Description
`curate_spawn_subagent`	Fork a child agent with inherited context
`curate_handoff_agent`	Hand off a task to another agent
`curate_fleet_message`	Broadcast message to fleet peers
`curate_task_dispatch`	Dispatch work to an available pool agent
`curate_conversation_start`	Start a multi-turn conversation thread

Environment Variables

The MCP server authenticates via environment variables auto-injected at session start:


CM_API_KEY=cm_rt_...              # Runner's gateway auth token
CM_GATEWAY_URL=https://api.curate-me.ai
CM_RUNNER_ID=byovm_c8a4acd75ea7  # or runner_xxx for cloud
CM_SESSION_ID=sess_xyz123
CM_ORG_ID=org_xxx
CM_FLEET_ID=fleet_yyy            # if part of a fleet

Adding Your Own MCP Servers

Option 1: OpenClaw MCP Config

In your OpenClaw agent’s workspace, add MCP servers to the configuration:


{
  "mcpServers": {
    "curate-me": {
      "command": "npx",
      "args": ["@curate-me/mcp-server"],
      "env": {
        "CM_API_KEY": "${CM_API_KEY}",
        "CM_GATEWAY_URL": "${CM_GATEWAY_URL}"
      }
    },
    "your-database": {
      "command": "npx",
      "args": ["your-mcp-database-server"],
      "env": {
        "DATABASE_URL": "postgresql://user:pass@host:5432/db"
      }
    },
    "your-api": {
      "command": "python",
      "args": ["-m", "your_api_mcp_server"],
      "env": {
        "API_KEY": "${YOUR_API_KEY}"
      }
    }
  }
}

Option 2: Via Dashboard

Go to Runners > MCP Servers (/runners/mcp-servers)
Click Add MCP Server
Configure the server command, args, and environment variables
Assign to specific runners or all runners in a fleet

Option 3: Via Workspace Files

Update the agent’s TOOLS.md to reference your MCP server:


## MCP Servers
 
### curate-me (governance)
Built-in governance tools for budget, status, memory, and collaboration.
 
### your-database
Custom database access for querying project data.
Connection: postgresql://...
Tools: query, insert, update, schema

Option 4: Via API


# Add MCP server config to a runner
curl -X PUT https://api.curate-me.ai/gateway/admin/runners/{runner_id}/workspace/mcp-config.json \
  -H "Authorization: Bearer $JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "{\"mcpServers\":{\"your-db\":{\"command\":\"npx\",\"args\":[\"your-mcp-db\"]}}}"
  }'

Common MCP Server Examples

SQLite / PostgreSQL


{
  "mcpServers": {
    "sqlite": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-sqlite", "~/data/project.db"]
    }
  }
}

Filesystem Access


{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/allowed/dir"]
    }
  }
}

GitHub


{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

Slack (MCP Server)


{
  "mcpServers": {
    "slack": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-slack"],
      "env": {
        "SLACK_BOT_TOKEN": "${SLACK_BOT_TOKEN}"
      }
    }
  }
}

Custom Python MCP Server

Create your own MCP server for internal APIs:


# my_mcp_server.py
from mcp.server import Server
from mcp.types import Tool, TextContent
 
server = Server("my-tools")
 
@server.tool()
async def query_internal_api(endpoint: str, params: dict) -> list[TextContent]:
    """Query our internal REST API."""
    import httpx
    async with httpx.AsyncClient() as client:
        resp = await client.get(
            f"https://internal-api.company.com/{endpoint}",
            params=params,
            headers={"Authorization": f"Bearer {os.environ['INTERNAL_API_KEY']}"}
        )
        return [TextContent(type="text", text=resp.text)]
 
if __name__ == "__main__":
    import asyncio
    asyncio.run(server.run())


{
  "mcpServers": {
    "internal-api": {
      "command": "python",
      "args": ["my_mcp_server.py"],
      "env": {
        "INTERNAL_API_KEY": "${INTERNAL_API_KEY}"
      }
    }
  }
}

Credential Management

Store secrets securely instead of hardcoding them:

Via Dashboard

Go to Runners > Credentials (/runners/credentials)
Add credentials (API keys, database URLs, tokens)
Reference them in MCP config as ${VAR_NAME}

Via API


# Store a credential
curl -X POST https://api.curate-me.ai/gateway/admin/runners/{runner_id}/credentials \
  -H "Authorization: Bearer $JWT" \
  -d '{
    "key": "DATABASE_URL",
    "value": "postgresql://user:pass@host:5432/db",
    "scope": "runner"
  }'

Via MCP Tool (from inside the agent)

Agents can read credentials at runtime:


// Inside OpenClaw agent
const dbUrl = await curate_credentials_read({ key: "DATABASE_URL" });

Your Machine + MCP Workflow

For a Windows user with a connected machine:

Step 1: Connect Your Machine

Follow the Connect Your Machine guide to register your hardware.

Step 2: Prepare Your Files

Put your data in the workspace directory:


# Copy your project files to the workspace
Copy-Item -Recurse C:\Projects\my-data C:\workspace\my-data

Step 3: Configure MCP Servers

Create or update the MCP config in your OpenClaw workspace:


# Edit the OpenClaw config to add your MCP servers
notepad C:\openclaw-config\config.json

Add your MCP servers under the agents section.

Step 4: Dispatch Work

From the dashboard, Slack, or API:


# Via Slack
/cm ask my-agent analyze the data in /workspace/my-data
 
# Via API
curl -X POST https://api.curate-me.ai/gateway/admin/runners/byovm/dispatch \
  -H "Authorization: Bearer $JWT" \
  -d '{
    "agent_id": "byovm_c8a4acd75ea7",
    "command": ["session.exec", "analyze", "/workspace/my-data"]
  }'

Step 5: Monitor

Watch the agent work from the dashboard:

Activity page (/runners/activity) — real-time event stream
Logs page (/runners/logs) — detailed execution logs
Command Center (/runners/command-center) — fleet overview

Security Considerations

Concern	How It’s Handled
MCP server access	Each server runs in its own process with scoped env vars
Credential storage	Secrets stored encrypted in the credential vault
Network access	MCP servers inherit the runner’s network policy (locked/standard/full)
Audit trail	All MCP tool calls logged in the audit trail
Cost tracking	LLM calls through MCP servers are tracked and budget-enforced
Tool profiles	`locked` profile restricts which tools agents can call

Tool Profiles

Profile	MCP Access
locked	Only governance MCP tools (curate-me server)
standard	Governance + approved custom MCP servers
full	All configured MCP servers

Troubleshooting

MCP Server Won’t Start


# Check if the server command works directly
npx your-mcp-server --help
 
# Check logs
curate logs --runner byovm_xxx --filter mcp

Agent Can’t Find MCP Tools

Verify the MCP server is listed in the OpenClaw config
Check that environment variables are set correctly
Restart the agent: nssm restart cm-runner (Windows)

Credentials Not Available

Verify credentials are stored for the correct runner/org scope
Check that the agent has RUNNER_READ permission for credentials
Use curate_credentials_read to test from inside the agent

Next Steps

Connect Your Machine — Set up your own machine as a runner
Slack Integration — Control agents from Slack
Runners Security — Security best practices for runners