DEV Community

Cover image for Hijacking OpenClaw with Claude
ShatilKhan
ShatilKhan

Posted on

Hijacking OpenClaw with Claude

#devchallenge #openclawchallenge #claude #ai

OpenClaw Challenge Submission 🦞

This is a submission for the OpenClaw Writing Challenge

ClawCon Michigan

Prelude

My boss has been nagging me about "being more verbal" and "showing proof of work" and here I was pushing code when no one was seeing it.

gigachadvscrawny

So I decided to try out OpenClaw for as our product manager (our human product manager ran away to Thailand, it's True!)

I have no idea how to set it up or how it works. I had only seen tiktoks saying both good and bad stuff. And a Fireship video I saw weeks ago. That's pretty much my knowledge on this crab.
So today we make it folks!
Our Clawfficer!

The Problem: We Had Claude Code, But Not Claude

Here's the thing. My company gave us access to Claude Code (the CLI tool) through our dev environments. But they didn't give us Claude web accounts or API keys. No console.anthropic.com. No OAuth flow. No nothing.

So I'm sitting there with this powerful CLI tool installed, but I can't even log in the "normal" way because that requires a web account.

Sound familiar? If your office IT is anything like mine, you probably have access to tools but not the accounts that make them "officially" work.

Time to mad-scientist our way through this.

What even is OpenClaw?

If you've come this far to read my post I'm assuming you know what OpenClaw is ¯_(ツ)
I mean it's not like it has the largest growing repo in history ¯_(ツ)

But here's the catch: OpenClaw needs Claude(or any other AI model) to actually do the thinking. And Claude usually needs an API key or web OAuth to work.

Except... we already have Claude Code installed. And Claude Code has a trick.

The Symlink Hack

When you install Claude Code globally:

npm install -g @anthropic-ai/claude-code
Enter fullscreen mode Exit fullscreen mode

It creates a claude binary in your PATH. But most people don't realize, this binary carries its OWN AUTHENTICATION!

When you run claude /login (which we could do because we had the CLI but we can't because boss removed the email account ┐( ˘_˘)┌ ), it opens a browser and does OAuth with your Claude Pro/Max subscription. It then stores a refresh token at:

~/.claude/.credentials.json
Enter fullscreen mode Exit fullscreen mode

Now here's the beautiful part: Claude Code can run in headless mode.

echo "Summarize these commits" | claude -p --output-format=text
Enter fullscreen mode Exit fullscreen mode

No API key. No ANTHROPIC_API_KEY env var. No web console. Just the OAuth token that Claude Code manages itself, auto-refreshing forever.

We basically hijacked the Claude Code CLI's authentication mechanism and piped it into our OpenClaw workflow. The CLI becomes our "API layer" without us ever touching an API key.

This is how Claude Code's OAuth flows into our OpenClaw setup without ever exposing an API key

System Architecture for OpenClaw with Clause Code CLI

But of course we ain't done yet!

LOOP!

We have an agent, we have a runtime.
So we still gotta make it survive restarts "( – ⌓ – )

So we wrap it as a systemd user service. Voila! now it starts on boot and restarts if crashes

We override PATH in the systemd unit so it can find the claude symlink.
Without that PATH override, systemd's stripped-down environment can't find Claude Code, and the whole digest flow breaks. It's a one-line fix that took us an embarrassing amount of time to figure out.

openclaw as a systemd service

Meet the Clawfficer

So what does our "mad science" actually do?

We built a Discord bot that acts as our product manager. We call it the Clawfficer.
If you add clawfficer to your server channel , he will summarize daily and weekly github updates in Natural language.. SO not just generic auto generated bullet points, you could ask it "Hey what's the update on this project?" or "Hey we should add this to the roadmap and assign Shatil" or "I found this issue , can you assign Shatil to get a look at it?" , clawfficer will do his due diligence and assign the respective dev AND tag the message url in the github issue!

Here's some photos we took of Clawfficer in Action!

Here I ask Clawfficer to assign Mahim(my college) to an issue
assign to issue

Here we see the issue was created and assigned with the discord message refrence

issue with discord message

It's shown that the issue was created by me because I used my own github PAT(personal access token) for the repo access.

Here we see Clawfficer in his natural environment sharing summaries

daily summary
Every day at 9 AM and every Sunday at 10 AM, the bot pulls activity from all 8 of our repos across all branches (not just main , we have more repos but just included the most active ones for testing on the agent).

Then it pipes all that data into:

claude -p --output-format=text
Enter fullscreen mode Exit fullscreen mode

And Claude spits back a human-readable prose summary. Not bullet points. Not raw JSON. Actual sentences like:

"Medihelp saw 12 commits across 3 branches this week, mostly schema migrations by Mahim. The eyecraft landing page got its first PR review."

The bot posts this to #roadmap. My boss sees it. I stop getting nagged about "proof of work."

Everyone wins.

The Claude Code symlink approach means you can:

  1. Use your existing subscription (Claude Pro/Max)- same billing bucket as your interactive usage
  2. Run headlessly in scripts, cron jobs, and bots
  3. Never handle an API key - OAuth tokens live in ~/.claude/ and auto-refresh
  4. Deploy anywhere that has Node.js and your user context

It's not "officially supported" as an API replacement. But it works. And for internal tools that need to "just work" without procurement battles, that's gold.

OpenClaw Harness with Claude Code AI Engine in Node Runtime

Stuff I Spent way too much time on

1. Branch Coverage Matters

GitHub's /commits endpoint defaults to the default branch. If your team works on feature branches (and they should), your digest will look empty even when people are pushing code.

Fix: Iterate all branches, dedupe by commit SHA. Obvious in hindsight, painful in production.

2. The OAuth Token is Everything

The ~/.claude/.credentials.json file is the single point of auth failure. If it expires or gets corrupted, claude -p exits with code 1 and your digest falls back to bullet points.

Fix: Run claude interactively once to re-auth. The CLI handles refresh tokens automatically after that.

3. systemd PATH is Not Your Shell PATH

Your interactive shell has claude in PATH. systemd doesn't. Explicitly set Environment=PATH=... in your unit file or the spawn fails silently.

The Clawfficer is intentionally minimal. I deliberately didn't build a lot of other regular features. (I mean I only built it yesterday in 8 hours without any prior knowledge of Claw so ¯_(ツ)_/¯ )
But the foundation is there. And more importantly, the authentication pattern is there.Claude Code's CLI isn't just an interactive coding assistant , it's a headless LLM engine that happens to already be authenticated.

Shatil Khan builds things at Anchorblock and argues with crabs on the internet. Follow for more questionable engineering decisions that somehow work.

Yeah Baby!

Top comments (0)