GhostClaw

What Is GhostClaw?

GhostClaw is an autonomous AI agent that runs 24/7 on a dedicated machine — a Mac Mini, VPS, or spare laptop. You talk to it like a co-worker over Telegram or WhatsApp; it does stuff. No containers, no cloud dependencies — just Node.js, Claude as a child process, and SQLite for state.

It’s a fork of NanoClaw (itself inspired by OpenClaw), extended with a Telegram-first interface and a plugin/skills system built around Claude Code commands. Out of the box it ships with web research, scheduled tasks via natural language, per-chat personality files (CLAUDE.md), and a localhost dashboard. The /add-gmail-agent plugin extends it to read and send email from a linked Gmail account.

The Identity Problem

GhostClaw runs autonomously and does real-world work: signing up for services, receiving verification codes, sending emails. The current approach stitches together personal accounts — your Gmail via OAuth, your Telegram number for SMS OTPs, API keys in a .env file on disk.

That creates three friction points:

1. Personal accounts tied to agent actions — when GhostClaw signs up for a service using /add-gmail-agent, it acts as you, not as itself. There is no separation between your inbox and its inbox.
2. SMS OTPs have no clean path — verification codes go to a Telegram-linked number, which is a workaround, not a solution.
3. Credentials on disk — .env files on shared or headless hardware are a liability.

Where Ravi Fits

Ravi provides the identity layer GhostClaw is missing: a dedicated email address, a real phone number for SMS, and an E2E encrypted secret store — all scoped to the agent, not the user.

1. Agent Email Identity

Instead of granting GhostClaw OAuth access to your personal Gmail, provision a Ravi identity for it. The agent gets its own inbox (ghostclaw@your-domain.ravi.app or similar), signs up for external services with that address, and receives verification emails there. Your personal Gmail is never touched.

2. SMS OTP Handling

Ravi provides a real phone number in E.164 format. GhostClaw can trigger SMS verifications to that number and read them back via the Ravi SMS API — a clean, auditable path instead of routing codes through a Telegram workaround.

3. Encrypted Credential Vault

API keys for Claude, ElevenLabs, and the Telegram bot token currently live in .env on disk. Ravi’s E2E encrypted secrets store is a drop-in upgrade: keys are stored encrypted, fetched at runtime, and never written to the filesystem in plaintext. Especially valuable on shared hardware.

4. Identity at Scale

GhostClaw’s roadmap includes swarms (/add-telegram-swarm). As you add more agents, each needs its own stable identity — its own email, phone, and credential set — or they all share one account and become indistinguishable. Ravi is designed for exactly this: one identity per agent, provisioned programmatically.

Integration Guide

Option A: Manual Setup

1. Provision a Ravi identity for your GhostClaw agent via the Ravi dashboard or API. Note the agent email address and phone number.

2. Configure the email inbox — replace the Gmail OAuth flow with Ravi’s inbox API. GhostClaw can poll for new messages using the Ravi email endpoints.

3. Configure SMS — point any service that needs SMS verification to the Ravi phone number. Read incoming codes via GET /sms/conversations.

4. Migrate secrets — move your Claude API key, ElevenLabs key, and Telegram bot token from .env into Ravi’s secrets store. Fetch them at startup via GET /secrets/{key}.

Option B: ravi-identity Skill (Recommended)

Install a ravi-identity skill directly into your GhostClaw instance:

/add-ravi-identity

This Claude Code command:

• Provisions a Ravi email address and phone number for the agent
• Injects the credentials into the GhostClaw runtime
• Replaces the Gmail OAuth flow with a Ravi inbox reader
• Updates CLAUDE.md automatically so the agent knows its own contact details

The agent can then receive verification emails and SMS OTPs without touching any personal accounts. The skill fits GhostClaw’s existing plugin model — one command to install, no manual config.

API Reference

GhostClaw skills interact with Ravi using standard HTTP:

// Read latest email
const res = await fetch('https://api.ravi.app/v1/email/threads', {
  headers: { Authorization: `Bearer ${process.env.RAVI_API_KEY}` }
});

// Read latest SMS
const sms = await fetch('https://api.ravi.app/v1/sms/conversations', {
  headers: { Authorization: `Bearer ${process.env.RAVI_API_KEY}` }
});

// Fetch a secret at runtime
const secret = await fetch('https://api.ravi.app/v1/secrets/CLAUDE_API_KEY', {
  headers: { Authorization: `Bearer ${process.env.RAVI_API_KEY}` }
});

Why This Matters

GhostClaw’s value proposition is an agent that runs as a peer — not a tool you invoke, but a co-worker that acts autonomously on your behalf. That peer relationship only works cleanly if the agent has its own identity: its own email it checks, its own phone it answers, its own credentials it manages.

Ravi provides that identity layer. The NanoClaw/GhostClaw ecosystem already uses OpenClaw-compatible skills, making this a natural distribution path for Ravi integrations into the self-hosted agent community.

Further Reading

• GhostClaw GitHub
• Ravi Identity API
• Ravi Secrets Store