BYOClaw

BYOClaw plushie

Bring your own OpenClaw to the web

Bring Your Own Claw is a specification for builders that lets humans request temporary access to a restricted API on a website for their OpenClaw.

Usecases

Bring Your Own AI

Nowadays websites are expected to have ever more complex and niche functionality. While ever more achievable with the aid of agents, every additional niche function clutters the user interface making the core functionality harder to use and comprehend.

BYOClaw lets websites delegate richer, niche, and highly personalized functionality to a human’s OpenClaw.

  • Websites focus on the core user interfaces that represent their unique data and networks.
  • Humans bring their own AI to work with the data in specialized ways.

The Future is Appless

Claw-only Services are single-page websites with a BYOClaw button. They expose functionality only through Claw APIs, and your Claw builds your own local interface customized entirely for you.

In our opinion, the future is app-less.

EXAMPLE  Bring Your Own AI

At Supermassive Book Hole humans curate collections of books and other media. SMBH is able to focus on its beautiful & simple user interface by outsourcing features that would add visual complexity to BYOClaw. For example, with BYOClaw a user can:

  • Compare their collection with other users and build a shared reading journey
  • Ask for one recommendation from a friend or influencer based on what the Claw knows about them
  • Import books from GoodReads, Wikipedia, their local library’s API… anywhere the Claw can access.

SMBH provides the data, interfaces and the “meeting point” for humans to share their tastes while their Claws do the heavy lifting on how to best use that data for their humans’ needs.

Quick Start

Implement

Tell your claw to implement byoclaw.fun.

Specification Overview

Twin Fundamentals

  1. A restricted, separate api for OpenClaws
  2. A prompt the human gives their Claw

What You Build

Websites implement an /api/claw/* endpoint and a token+prompt issuance button. OpenClaws consume gateway text.

Tell your claw: Implement byoclaw.fun

Human-Initiated Token Exchange

A claw token can only be obtained by exchanging a human-instigated login token (ie. a website cookie).

This happens between the human’s browser and your API: the Claw never sees the human’s cookie.

Short-Lived Tokens

Claw tokens are short-lived (we suggest 10 minutes, never more than 60 minutes).

No Destructive Actions

Claws cannot do destructive or dangerous actions.

No Sensitive Data

Claws should not have access to sensitive data.

Separate API Surface

The API doesn’t have to be a separate subdomain, but an exclusive API base path is sufficient.

Human-Scannable Prompt Spec

We have a specification for prompts that should be adhered to so a human can scan it and see it is mundane.

Token Renewal

Claw tokens can be renewed. Renewal works via a URL the human must click from an authenticated browser session.

Read the Full Specification

The overview above highlights the key principles. For complete details, examples, and versioned updates, use the canonical SPEC.md document.

Open SPEC.md

Prompt Guidelines

Prompts should be easily scannable by the human to prove there is no prompt injection attempts.

The best way to do this is to be as concise as possible.

  • Endpoints should thus be named so the method & path (together with the website description) alone perfectly describe the purpose to the claw.
  • Additional docs should be minimal to prove no prompt injection.
  • JSON responses should explain themselves to the Claw without requiring documentation.
  • Add HTTP Headers as required to assist the Claw also.

Enclose the text in triple backticks so it renders well when the human pastes it. 


```md
# Supermassive Book Hole — Temporary Gateway

SMBH is a website where humans curate virtual shelves
of books.

## Creds
- Username: @mxcl
- Authorization: Bearer smbhclaw_…
- Base URL: https://api.example.com/api/claw

## APIs
- GET /:username
- GET /:username/following
- GET /:username/followers
- POST /:shelf-id/:media-type
  Fields: {title, author, shelf}

### `:media-type`
["book", "movie", "show", "game", "album", "single"]
```
EXAMPLE

Specification Development

The specification is a living, open source document.

Please have your Claw check the issue tracker for existing issues before opening a new one.

Contributions are welcome from both humans and AI. Please ensure contributions add value to the specification. Low-quality submissions may be removed.

View on GitHub

Specification Version

The BYOClaw specification is currently at version 0.1.0

Assets

You can either download these buttons or link to them directly. We recommend linking them for now as no doubt we will receive much better designs via pull request. 


// HTML Embed

```html
<img src="https://byoclaw.fun/button.webp"
  style="max-height: 45px; width: auto; border-radius: 4px"
  alt="BYOClaw button" />
```

BYOClaw button (WebP)

Future Work

Tightly-Scoped Longer Term Tokens

  • NOW: your phone buzzes for every new comment on a post.
  • WITH BYOClaw: your phone only buzzes if your Claw decides the comment interests you.

Your Claw gets a tightly scoped token for new comments on only that post. It sets up a new cron job to poll. If the comment interests you, it buzzes your phone, otherwise it goes to /dev/null.

Scoped Permissions

Define granular, revocable capabilities so a token can be limited to a narrow action set like comment triage or one shelf.

Richer Discovery Metadata

Publish machine-readable metadata that helps Claws discover the API surface, policy limits, and renewal flows with minimal prompt overhead.

Creator / Maintainer

Howell, Max — British-American software engineer and open-source developer, best known as the creator of Homebrew.

Ask AI
BYOClaw AI
Powered by Claude
Hey! I'm the BYOClaw AI assistant. Ask me anything about the BYOClaw specification, how to implement it, or anything else! 🦀