MCP Server
What is MCP?
The Model Context Protocol (MCP) is an open standard developed by Anthropic that allows AI assistants like Claude to securely connect to external tools and data sources. Instead of embedding credentials or writing custom API calls, you expose a set of tools that Claude can call on your behalf.
MCP servers run locally on your machine and communicate with Claude Desktop over a secure local socket. Your credentials never leave your computer â the MCP server talks to the Clavis API using your stored auth token.
Why use Clavis with Claude Desktop?
Clavis already manages your credentials for AI services like OpenAI, Anthropic, GitHub, Stripe, and more. The Clavis MCP server exposes that credential vault directly inside Claude Desktop â no copy-pasting API keys, no switching terminals.
- One place for all credentials â list, fetch, and check any service you have registered in Clavis, right from Claude.
- Natural language interface â ask Claude to "get my OpenAI credentials" or "check if my GitHub token is still valid" without writing code.
- Zero new attack surface â the MCP server reads from your existing Clavis account. Credentials stay encrypted; only valid tokens are returned.
- Works alongside the Python SDK â use the MCP server for interactive work in Claude Desktop, and the SDK for your production agent pipelines.
Installation
The Clavis MCP server is distributed as an npm package. Install it globally so Claude Desktop can find the binary:
$ npm install -g @clavisagent/mcp-server
Verify the installation:
$ clavis-mcp --version 0.1.1
Configuration
Add the Clavis MCP server to your Claude Desktop configuration file. The file location depends on your OS:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json - Linux:
~/.config/Claude/claude_desktop_config.json
Add the following entry to the mcpServers section of your config. If the file does not exist yet, create it with the structure below:
{
"mcpServers": {
"clavis": {
"command": "clavis-mcp",
"args": [],
"env": {
"CLAVIS_API_KEY": "eyJ...", // JWT from POST /v1/auth/login
"CLAVIS_API_URL": "https://clavisagent.com"
}
}
}
}
POST /v1/auth/login to receive a JWT (starts with eyJ). Use that JWT â not the cla_⌠key shown at sign-up â as your CLAVIS_API_KEY.
After saving the config, restart Claude Desktop. You should see a hammer icon in the chat input bar indicating MCP tools are available.
Available Tools
The Clavis MCP server exposes three tools to Claude:
| Tool | Description | Parameters |
|---|---|---|
| list_services | Returns all services registered in your Clavis account â name, connector type, and auth method. | None |
| get_credentials | Retrieves a valid, decrypted access token for the named service. Handles token refresh automatically if the cached token is expired. | service_name (string) â the name you gave the service when registering it (e.g., "my-openai") |
| check_credential_status | Checks whether a service's credentials are valid and returns rate-limit status (remaining requests, reset time). | service_name (string) |
| call_service Recommended | Makes an API call with server-side credential injection. The credential is fetched from the Clavis vault and injected into the upstream request — Claude never sees the raw key. Prevents prompt-injection exfiltration architecturally. | service_name, method, url (required); headers, params, json, data (optional) |
call_service instead of get_credentials wherever possible.
call_service injects the credential server-side — it never appears in the conversation,
eliminating prompt-injection exfiltration as an attack vector.
Example: calling an API securely with call_service
call_service with service_name: "stripe-prod", method: "GET", url: "https://api.stripe.com/v1/balance"]Your Stripe balance:
• Available: $4,231.00 USD
• Pending: $182.50 USD
The API key was injected server-side — it was never part of this conversation.
Example Usage
Once the MCP server is running, you can interact with your Clavis credentials using plain English in Claude Desktop:
list_services]You have 3 services registered:
•
my-openai â openai connector (api_key)•
my-github â github connector (oauth2)•
stripe-prod â stripe connector (api_key)get_credentials with service_name: "my-openai"]Here is your current OpenAI API key:
sk-proj-â˘â˘â˘â˘â˘â˘â˘â˘XYZToken is valid and cached â expires in 11h 42m.
check_credential_status with service_name: "stripe-prod"]Your
stripe-prod service looks healthy:• Status: valid
• Requests remaining: 847 / 1000 this window
• Window resets in: 34 minutes
Troubleshooting
Claude Desktop does not show the Clavis tools
Make sure you have fully quit and restarted Claude Desktop after editing the config file. Also verify the config JSON is valid (no trailing commas). You can validate it with:
$ node -e "JSON.parse(require('fs').readFileSync(process.argv[1],'utf8')) && console.log('valid JSON')" \
~/Library/Application\ Support/Claude/claude_desktop_config.json
Authentication errors
If Claude reports authentication failures, your JWT may have expired (default TTL is 24 hours). Fetch a fresh token:
$ curl -sX POST https://clavisagent.com/v1/auth/login \
-H 'Content-Type: application/json' \
-d '{"email":"you@example.com","password":"yourpassword"}' \
| python3 -m json.tool
Copy the new access_token value into your claude_desktop_config.json and restart Claude Desktop.
MCP server binary not found
Ensure clavis-mcp is on your PATH after the global install:
$ which clavis-mcp /usr/local/bin/clavis-mcp
If the command is not found, check that your npm global bin directory is in your PATH. Run npm bin -g to find the path and add it to your shell profile.
NPM Package
The Clavis MCP server is published on npm. You can inspect the source, report issues, and track releases on the package page: