🤖
Pipedream Connect
Connect 2,000+ APIs with managed OAuth via Pipedream. Includes full UI integration for OpenClaw Gateway dashboard with per-agent app isolation.
安全通过
⚙️脚本
技能说明
name: pipedream-connect description: Connect 2,000+ APIs with managed OAuth via Pipedream. Includes full UI integration for OpenClaw Gateway dashboard with per-agent app isolation. metadata: {"openclaw":{"emoji":"🔌","requires":{"bins":["mcporter"],"openclaw":">=2026.1.0"},"category":"integrations"}}
Pipedream Connect
Connect your AI agents to 2,000+ APIs with managed OAuth via Pipedream. Each agent gets its own isolated app connections and OAuth tokens.
What's New (2026-03-01 v1.3.0)
- Per-agent app connections — App connections moved to Agents → [Agent] → Tools → Pipedream
- Global tab = credentials only — The Pipedream tab is now for platform auth (Client ID/Secret/Project ID) only
- External User ID defaults to agent slug — e.g.
main,scout-monitor(not a UUID) - Live connected apps — Refresh queries the Pipedream API for real connected accounts
- Environment warning — Agent panel shows a warning when running in development mode
- New RPCs:
pipedream.connect,pipedream.disconnect,pipedream.test(per-agent, useagentId+appSlug)
What's New (v1.3.0) — Vault-Backed Secrets
clientIdandclientSecretstored in~/.openclaw/secrets.json(OpenClaw vault) — no longer plaintext inpipedream-credentials.jsonPIPEDREAM_CLIENT_SECRETremoved frommcporter.jsonenv — client secret is never written to mcporter config- Auto-migration: on first gateway start after upgrade, existing
pipedream-credentials.jsonsecrets are silently moved to vault and stripped from the file - Token refresh script now reads from vault first (falls back to credentials.json → mcporter.json for backwards compat)
pipedream-credentials.jsonnow contains only non-sensitive fields:projectId,environment,externalUserId- VirusTotal "suspicious" flag resolved — no plaintext credential files
Architecture
Global Pipedream Tab
└── Platform credentials (Client ID, Secret, Project ID, Environment)
└── Agent quick-links table (→ navigate to per-agent config)
Agents → [Agent] → Tools → Pipedream
└── External User ID (defaults to agent slug)
└── Connected Apps (live from Pipedream API)
└── Available Apps grid + Browse All Apps modal
└── Manual slug entry
Prerequisites
- Pipedream Account — pipedream.com
- mcporter —
npm install -g mcporter - OpenClaw Gateway — v2026.1.0 or later
Setup
Step 1: Create OAuth Client & Project
- Go to pipedream.com/settings/api → New OAuth Client
- Copy Client ID and Client Secret
- Go to pipedream.com/projects → create a project
- Copy Project ID (
proj_...)
Step 2: Configure Platform Credentials
- OpenClaw Dashboard → Pipedream tab → Configure
- Enter Client ID, Client Secret, Project ID
- Set Environment to
production(not development — development tokens expire faster and have lower rate limits) - Click Save Credentials
Step 3: Connect Apps Per Agent
- Go to Agents → [Agent] → Tools → Pipedream
- Verify the External User ID (defaults to agent slug, e.g.
main) - Click Connect on any app in the grid — completes OAuth in a popup
- Click ↻ Refresh after OAuth completes to see the app appear in Connected Apps
Step 4: Token Refresh (Recommended)
# Cron job — runs every 45 minutes
(crontab -l 2>/dev/null; echo "*/45 * * * * /usr/bin/python3 $HOME/openclaw/skills/pipedream-connect/scripts/pipedream-token-refresh.py >> $HOME/openclaw/logs/pipedream-cron.log 2>&1") | crontab -
Per-Agent Isolation
Each agent uses a separate Pipedream external_user_id:
| Agent | External User ID | Pipedream Identity |
|---|---|---|
main | main | Isolated OAuth tokens |
scout-monitor | scout-monitor | Isolated OAuth tokens |
scout-spark | scout-spark | Isolated OAuth tokens |
Config stored at: ~/.openclaw/workspace/config/integrations/pipedream/{agentId}.json
External User ID defaults to agent slug. Override it in Agents → Tools → Pipedream → Edit.
RPC Reference
Global (credentials)
| RPC | Params | Description |
|---|---|---|
pipedream.status | — | Get global credential status + agent summaries |
pipedream.saveCredentials | clientId, clientSecret, projectId, environment | Save platform credentials |
pipedream.getToken | — | Get/refresh the platform OAuth access token |
pipedream.getConnectUrl | agentId, appSlug | Get OAuth connect URL for a user+app |
pipedream.connectApp | agentId, appSlug | Complete app connection + write to mcporter |
pipedream.disconnectApp | agentId, appSlug | Disconnect app + remove from mcporter |
pipedream.refreshToken | agentId?, appSlug? | Refresh token(s) — all or specific agent/app |
pipedream.activate | agentId, appSlug | Activate an app (add to mcporter if not present) |
Per-Agent
| RPC | Params | Description |
|---|---|---|
pipedream.agent.status | agentId | Get config + live connected apps from API |
pipedream.agent.save | agentId, externalUserId | Save per-agent config |
pipedream.agent.delete | agentId | Remove per-agent config |
pipedream.connect | agentId, appSlug | Get OAuth connect URL for agent |
pipedream.disconnect | agentId, appSlug | Disconnect app + remove from mcporter |
pipedream.test | agentId, appSlug | Test app connection |
Using Connected Tools
# Gmail (agent: main → externalUserId: main)
mcporter call pipedream-main-gmail.gmail-find-email \
instruction="Find unread emails from today"
# Google Calendar (agent: scout-monitor)
mcporter call pipedream-scout-monitor-google-calendar.google-calendar-find-event \
instruction="Find events for tomorrow"
Server names follow the pattern: pipedream-{externalUserId}-{appSlug}
Environment: Development vs Production
⚠️ Use Production for real work:
- Development tokens expire faster and have lower rate limits
- Set in: Pipedream tab → Edit credentials → Environment → Production
- The agent Pipedream panel shows a warning when running in development mode
Security
| Behavior | Detail |
|---|---|
| clientId | Stored in ~/.openclaw/secrets.json (vault, 0600) |
| clientSecret | Stored in ~/.openclaw/secrets.json (vault, 0600) — never in plaintext config files |
| Non-secret config | ~/.openclaw/workspace/config/pipedream-credentials.json — projectId, environment, externalUserId only |
| Per-agent config | ~/.openclaw/workspace/config/integrations/pipedream/{agentId}.json |
| Access tokens (JWT) | Short-lived Bearer token in mcporter.json Authorization header — acceptable, refreshed every 45 min |
| mcporter env | PIPEDREAM_CLIENT_SECRET is never written to mcporter.json |
| External API calls | api.pipedream.com, remote.mcp.pipedream.net |
| Auto-migration | Existing plaintext credentials.json secrets automatically moved to vault on first gateway start |
Troubleshooting
Connected app not showing after OAuth → Click ↻ Refresh — the panel queries the Pipedream API live for connected accounts
unknown method: pipedream.connect
→ Rebuild and restart gateway: pnpm build && openclaw gateway restart
No Pipedream credentials configured
→ Set up credentials in the global Pipedream tab first
Development environment warning
→ Edit credentials in Pipedream tab, change Environment to production, save
Token expired → Set up the 45-minute cron job above, or click Connect again to re-authorize
Support
- ClawHub: clawhub.ai/skills/pipedream-connect
- Pipedream Docs: pipedream.com/docs
- MCP Apps: mcp.pipedream.com
- OpenClaw Discord: discord.com/invite/clawd
Reference Files
| File | Purpose |
|---|---|
reference/pipedream-backend.ts | Gateway RPC handlers (all pipedream.* methods) |
reference/pipedream-views.ts | Global Pipedream tab UI (Lit) |
reference/pipedream-controller.ts | Global tab state management |
reference/agent-pipedream-views.ts | Per-agent Pipedream panel UI (Agents → Tools → Pipedream) |
reference/agent-pipedream-controller.ts | Per-agent state management |
reference/README.md | Reference file notes |
scripts/ | Token refresh and utility scripts |
如何使用「Pipedream Connect」?
- 打开小龙虾AI(Web 或 iOS App)
- 点击上方「立即使用」按钮,或在对话框中输入任务描述
- 小龙虾AI 会自动匹配并调用「Pipedream Connect」技能完成任务
- 结果即时呈现,支持继续对话优化