OpenClaw is an open-source AI agent runtime that runs on your own infrastructure and routes the same assistant across web, Discord, Telegram, and any custom channel you build. Because OpenClaw is self-hosted by design, connecting it to Truthifi looks different from the click-through flows you'd use in Claude or ChatGPT — there's no UI dialog. You add Truthifi as an MCP server in OpenClaw's config, either through the bundled mcporter skill or by editing a JSON file directly. Either way, once Truthifi is registered, every conversation across every OpenClaw channel can read your real portfolio data.

This guide walks both paths. Pick the one that fits your comfort level — the result is identical.

What you'll need before you start

• A self-hosted OpenClaw instance you can access (web shell, SSH, or local Node environment).

• A Truthifi account with at least one financial account already linked. New to Truthifi Connect?

• For Path A (mcporter): Node.js 20 or higher and the ability to run npm install -g.

• For Path B (direct config): a text editor and read/write access to ~/.openclaw/openclaw.json on the OpenClaw host.

Truthifi's MCP server is read-only by design — OpenClaw can read your portfolio, balances, holdings, and Truthifi Score, but it can't initiate transactions, modify accounts, or move money. Your bank credentials never pass through OpenClaw or Truthifi. That separation matters more on a self-hosted runtime than it does on Claude or ChatGPT, because you are now responsible for the security of the agent host. A read-only data source means there's nothing destructive an attacker could trigger even if they compromised the OpenClaw box.

Step 1 — Add Truthifi to OpenClaw

Two paths. Path A is faster if you have Node.js handy; Path B is cleaner if you prefer to manage config files explicitly.

Path A — recommended: mcporter skill

OpenClaw ships with the mcporter skill, a CLI for finding and installing MCP servers into an OpenClaw instance. From your OpenClaw host:

npm install -g mcporter
mcporter search truthifi
mcporter install --target openclaw truthifi

npm install -g mcporter
mcporter search truthifi
mcporter install --target openclaw truthifi

The install command writes the right entry into your OpenClaw config and walks you through OAuth on first use. If mcporter search doesn't find Truthifi (the registry is community-maintained and not all servers are indexed), skip to Path B — the result is identical.

Path B — direct config edit

Open ~/.openclaw/openclaw.json in your editor and add Truthifi to the mcpServers block:

{
  "mcpServers": {
    "truthifi": {
      "type": "http",
      "url": "https://api.truthifi.com/mcp"
    }
  }
}

{
  "mcpServers": {
    "truthifi": {
      "type": "http",
      "url": "https://api.truthifi.com/mcp"
    }
  }
}

If you already have other MCP servers configured, add the truthifi entry alongside them — same structure, just append. Save the file and restart the OpenClaw gateway. The first OpenClaw conversation that calls Truthifi will trigger the OAuth flow.

Step 2 — Authenticate via OAuth

Unlike Claude or ChatGPT, OpenClaw doesn't authenticate at connector-creation time. Authentication happens the first time the agent actually calls a Truthifi tool — usually the first time you ask a question that touches portfolio data.

What to expect:

1. OpenClaw opens an OAuth authorization URL in your browser. (If OpenClaw runs headless on a remote host, you'll get a URL to open manually.)

2. Truthifi shows the requested scope: read-only access to your portfolio data, holdings, balances, and Truthifi Score. No write permissions are requested.

3. Click Allow. Truthifi issues a scoped access token to OpenClaw and returns you to your OpenClaw conversation.

4. Subsequent calls reuse the token until it expires; OpenClaw refreshes it automatically.

Truthifi uses OAuth 2.1 with dynamic client registration, which OpenClaw and the mcporter skill both support natively.

Common auth errors and what to check:

• "invalid_client" or "client not registered": OpenClaw's dynamic client registration didn't complete. Restart the OpenClaw gateway and try again — the first call after restart re-registers cleanly.

• "scope rejected" or "access_denied": you clicked Deny on the Truthifi consent screen. Run any Truthifi-touching prompt in OpenClaw to retrigger the consent flow.

• "token expired": OpenClaw should refresh automatically. If you see this repeatedly, check that your OpenClaw host's clock is in sync — token validation fails when the clock drifts more than a few minutes.

Step 3 — Test the connection

From any OpenClaw chat surface — web, Discord, Telegram, terminal — ask a question that requires real account data. A few prompts that exercise different paths:

• "Use Truthifi to show my current asset allocation."

• "What's in my portfolio across all my accounts?"

• "Summarize my holdings by account type."

OpenClaw should respond with your actual numbers, citing Truthifi as the source. A successful response includes specific dollar amounts or percentages tied to real positions, not a generic "I'd need access to your accounts" deflection. If you see generic answers, the connection isn't being picked up — check your OpenClaw logs for MCP-related errors. The most common issue is a typo in the URL: it's api.truthifi.com, not mcp.truthifi.com.

Why Truthifi — and not just any data source

You can hand OpenClaw a CSV of your holdings or scrape your brokerage portal yourself. We've seen people do both. The trouble is that data goes stale the moment it's exported, and scraping pulls you into account-credential territory that you don't want a self-hosted agent touching.

Three specific failure modes we see with the DIY approaches:

• CSVs decay fast. A snapshot from Monday morning is wrong by Monday afternoon if any position trades. OpenClaw will confidently quote stale numbers because it has no way to know they're stale.

• Scraping requires credentials. To pull live data via screen-scraping, you need to give your OpenClaw host your brokerage username and password. Now your AI agent host is a credentials store, with all the security obligations that implies.

• No normalization across institutions. Fidelity, Schwab, and Vanguard all describe holdings differently. Without a normalization layer, OpenClaw can't reliably answer "what's my total VTI position across all my accounts?" because each export uses different field names and formats.

Truthifi connects to your real financial institutions through industry-standard aggregation, normalizes the data, and exposes a read-only MCP server on top. Your brokerage credentials stay at your brokerage. OpenClaw gets a scoped OAuth token that can read portfolio facts and nothing else. When the data changes — a trade settles, a dividend posts, an account balance moves — Truthifi reflects it the next time OpenClaw queries.

What to ask once you're connected

OpenClaw with Truthifi shines on questions that combine portfolio facts with reasoning. Some places to start:

• Allocation: "Am I overweight in tech relative to my target allocation?"

• Concentration: "What's my single largest position as a percentage of total portfolio?"

• Fees: "Pull the expense ratios for all my mutual funds and rank them."

• Tax: "Which positions in my taxable accounts are at a loss right now and would qualify for tax-loss harvesting?"

• Drift: "Compare my current allocation to my 60/40 target and tell me what I'd need to rebalance."

• Cross-account: "Total up my retirement accounts across all custodians and show me the year-over-year change."

• Dividend timing: "What dividends am I expecting in the next 30 days, and from which positions?"

• Cash drag: "How much cash am I sitting on across all accounts, and what's the lost return at current bond yields?"

OpenClaw can call Truthifi directly mid-conversation — no need to pre-load context. The agent decides when to query Truthifi based on the question; you don't have to tell it "look this up" every time.

Multi-channel: Discord, Telegram, Web

This is OpenClaw's defining feature, and it changes how Truthifi feels in practice. You set up Truthifi once on the OpenClaw host. After that, any OpenClaw channel can query your portfolio with the same OAuth scope and the same data:

• Web chat: the standard OpenClaw web UI on whatever domain you've configured.

• Discord: mention your OpenClaw bot in any channel where it's installed and ask portfolio questions inline. Useful for shared family-finance servers or close-knit advisor groups.

• Telegram: private chat with your OpenClaw bot for quick balance checks on the go.

• Custom channels: if you've extended OpenClaw with your own connectors (Slack, SMS, voice), Truthifi works there too.

The OAuth token authorizes your OpenClaw instance. If multiple people use the same OpenClaw host, each user authenticates separately and sees only their own Truthifi data — there's no cross-user leakage.

Self-hosted vs hosted OpenClaw

OpenClaw is open-source and most users run it on their own infrastructure — a personal VPS, a Raspberry Pi, AWS, Fly.io, anything that runs Node. The Truthifi setup is identical regardless. There's no "OpenClaw Cloud" tier with different mechanics.

One thing to watch if you run OpenClaw behind a reverse proxy: set the MCP_ISSUER_URL environment variable to your public HTTPS URL. Without it, OpenClaw advertises http://localhost:3000 in the OAuth metadata and the redirect from Truthifi back to your instance will fail. Most reverse-proxy gotchas trace to this single setting.

To revoke access

You can revoke the connection from either side:

• From Truthifi: sign in to truthifi.com → Settings → Connected Apps → find OpenClaw → Revoke. The next OpenClaw call to Truthifi will fail authentication; OpenClaw should report the error in its logs.

• From OpenClaw: remove the truthifi entry from ~/.openclaw/openclaw.json (Path B users) or run mcporter uninstall truthifi (Path A users). Restart the OpenClaw gateway.

If you're rotating credentials rather than fully disconnecting, just revoke from Truthifi and reconnect — OpenClaw will trigger a fresh OAuth flow on the next call.