← Back to Blog

How to Let AI Run Your Life Without Giving It Your Keys

OpenClaw (formerly MoltBot, formerly ClawdBot) — is an open-source framework that lets Claude live as a persistent assistant. It can read emails, check your calendar, browse the web, and connect to just about any API you throw at it.

It's incredibly powerful. But there's a catch: for the AI to do anything useful, it needs credentials. GitHub tokens. Bluesky app passwords. Google OAuth. The works.

And here's where things get tricky: Claude is really good, but it's not perfect. Do you really want it firing off tweets at 3am because it thought you asked it to? Do you want it closing GitHub issues it shouldn't? Creating calendar events you never approved?

The answer is no. But you also don't want to babysit every single API call. You want the AI to be autonomous enough — to read everything, gather context, and prepare actions — but to stop and ask before actually changing anything.

The Solution: A Human in the Loop

That's where AgentGate comes in.

It's a simple proxy that sits between your AI agent and your APIs. The AI never sees your real credentials — it just gets an AgentGate bearer token. When it makes a request:

  • Pre-Authorized GET requests (reads) go through immediately. The AI can browse, search, and gather context freely.
  • POST/PUT/DELETE requests (writes) get queued for human approval. You review them in a web UI, approve or reject, and AgentGate executes the approved ones with the real credentials.

The AI still does 90% of the work. It drafts the post, prepares the GitHub comment, writes the calendar invite. You just sanity-check the final action before it goes live.

How It Works

Robot gatekeeper stopping another robot
  1. Configure your services — Add your API credentials to AgentGate. They stay on your server, never exposed to the AI.
  2. Give the AI a token — Your agent gets a single AgentGate bearer token and makes all API calls through it.
  3. Reads flow, writes wait — Pre-authorized reads go through. Writes land in a queue for your approval.

Why Not Just... Trust the AI?

Trust is earned through verification, not vibes.

The 3am tweet problem is real. AI agents are eager. They want to help. And sometimes "helping" means doing something you didn't actually want. Maybe it misunderstood. Maybe it hallucinated.

With AgentGate, at least you won't accidentally fire off a viral tweet you didn't write or send a calendar invite to your boss at midnight.

A Word of Caution

AgentGate controls what your AI can do, not what it can say. If your agent reads sensitive data, it could still leak it through other channels. Lock down your system prompt and be thoughtful about what you expose. Defense in depth still applies.

The Workflow in Practice

Check the queue over morning coffee. Approve the helpful actions, reject the weird ones. Claude keeps working in the background — reading, researching, drafting — and queues up actions for your next review. An assistant that never sends anything without sign-off.

Get Started

AgentGate is open source and self-hosted. Run it on your own server (or desktop), so your credentials never leave your infrastructure.

npx agentgate

Check out the GitHub repo for full setup instructions and supported services.

Your AI agent is one hallucination away from disaster. Make it ask for your permission first.