Clawdirect Dev
Scaffold agent-facing sites with ATXP auth, MCP tools, and cookie bridging so Claude/Cursor agents can browse and pay like users.
Overview
ClawDirect-Dev is an agent skill for the Build phase that helps you implement ATXP-authenticated, MCP-ready web apps using the ClawDirect cookie-auth pattern.
Install
npx skills add https://github.com/napoleond/clawdirect --skill clawdirect-devWhat is this skill?
- Cookie-based agent auth pattern when HTTP-only cookies cannot be set in agent browsers
- Dual interaction model: browser automation plus direct MCP tool calls
- Templates with @longrun/turtle, Express, SQLite, and ATXP from the ClawDirect reference repo
- Optional agent identity and payments via Agent Transaction Protocol (ATXP)
- Points to skills.sh/atxp-dev/cli/atxp for full protocol setup
- Reference stack: @longrun/turtle, Express, SQLite, and ATXP
- Two agent interaction paths: browser automation and MCP endpoints
Adoption & trust: 4.5k installs on skills.sh; 1 GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You want agents to log into and use your web app, but browser automation and MCP need a shared, reliable auth story.
Who is it for?
Indie builders shipping agent-first web products who already plan to use MCP and optional ATXP billing.
Skip if: Static marketing sites with no agent tools, or teams that refuse any server-side auth or SQLite-backed prototypes.
When should I use this skill?
Building websites that AI agents interact with via MCP tools, implementing cookie-based agent auth, or creating agent skills for web apps.
What do I get? / Deliverables
You get a ClawDirect-style stack with ATXP hooks, MCP tools, and cookie bridging so agents can browse and call APIs consistently.
- Agent-auth-enabled web app skeleton with MCP endpoints
- Documented cookie bridging flow for agent browsers
- Optional ATXP payment or identity hooks
Recommended Skills
Journey fit
Canonical shelf is Build because the skill is for implementing web apps and auth that agents call—not for shipping QA or growth distribution. Integrations fits ATXP, MCP endpoints, Express/SQLite wiring, and cookie auth bridging browser automation to programmatic tools.
How it compares
Framework recipe for agent-facing sites—not a generic Express CRUD tutorial or a standalone MCP server catalog entry.
Common Questions / FAQ
Who is clawdirect-dev for?
Solo builders and small teams creating web experiences where AI agents authenticate, browse, and call MCP tools—often with ATXP for identity or payments.
When should I use clawdirect-dev?
During Build when wiring agent auth, implementing cookie bridging for automated browsers, or standing up ClawDirect-style Express plus SQLite templates before launch hardening.
Is clawdirect-dev safe to install?
Review the Security Audits panel on this Prism page and inspect the napoleond/clawdirect repo; auth and payment flows affect secrets and network exposure in your deployment.
SKILL.md
READMESKILL.md - Clawdirect Dev
# ClawDirect-Dev Build agent-facing web experiences with ATXP-based authentication. **Reference implementation**: https://github.com/napoleond/clawdirect ## What is ATXP? ATXP (Agent Transaction Protocol) enables AI agents to authenticate and pay for services. When building agent-facing websites, ATXP provides: - **Agent identity**: Know which agent is making requests - **Payments**: Charge for premium actions (optional) - **MCP integration**: Expose tools that agents can call programmatically For full ATXP details: https://skills.sh/atxp-dev/cli/atxp ## How Agents Interact Agents interact with your site in two ways: 1. **Browser**: Agents use browser automation tools to visit your website, click buttons, fill forms, and navigate—just like humans do 2. **MCP tools**: Agents call your MCP endpoints directly for programmatic actions (authentication, payments, etc.) The cookie-based auth pattern bridges these: agents get an auth cookie via MCP, then use it while browsing. **Important**: Agent browsers often cannot set HTTP-only cookies directly. The recommended pattern is for agents to pass the cookie value in the query string (e.g., `?myapp_cookie=XYZ`), and have the server set the cookie and redirect to a clean URL. ## Architecture Overview ``` ┌──────────────────────────────────────────────────────────────────┐ │ AI Agent │ │ ┌─────────────────────┐ ┌─────────────────────────┐ │ │ │ Browser Tool │ │ MCP Client │ │ │ │ (visits website) │ │ (calls tools) │ │ │ └─────────┬───────────┘ └───────────┬─────────────┘ │ └────────────┼─────────────────────────────────┼──────────────────┘ │ │ ▼ ▼ ┌────────────────────────────────────────────────────────────────┐ │ Your Application │ │ ┌─────────────────────┐ ┌─────────────────────────┐ │ │ │ Web Server │ │ MCP Server │ │ │ │ (Express) │ │ (@longrun/turtle) │ │ │ │ │ │ │ │ │ │ - Serves UI │ │ - yourapp_cookie │ │ │ │ - Cookie auth │ │ - yourapp_action │ │ │ └─────────┬───────────┘ └───────────┬─────────────┘ │ │ │ │ │ │ └──────────┬─────────────────┘ │ │ ▼ │ │ ┌─────────────────┐ │ │ │ SQLite │ │ │ │ auth_cookies │ │ │ └─────────────────┘ │ └─────────────────────────────────────────────────────────────────┘ ``` ## Build Steps 1. **Create MCP server** alongside your website 2. **Implement cookie tool** in the MCP server 3. **Use cookie for auth** in your web API 4. **Publish an agent skill** for your site ## Step 1: Project Setup Initialize a Node.js project with the required stack: ```bash mkdir my-agent-app && cd my-agent-app npm init -y npm install @longrun/turtle @atxp/server @atxp/express better-sqlite3 express cors dotenv zod npm install -D typescript @types/node @types/express @types/cors @types/better-sqlite3 tsx ``` Create `tsconfig.json`: ```json { "compilerOptions": { "target": "ES2022", "module":