Using ClawHub
Auth
Auth
ClawHub uses GitHub for web sign-in. The CLI uses ClawHub API tokens created through that signed-in account.
Web sign-in
Use GitHub to sign in at clawhub.ai.
Deleted, banned, or disabled accounts cannot complete normal ClawHub sign-in. If sign-in returns you to a logged-out state, your account may not be in good standing.
CLI login
The default CLI login flow opens your browser:
clawhub login
clawhub whoami
What happens:
- The CLI starts a temporary callback server on
127.0.0.1. - Your browser opens the ClawHub sign-in page.
- After GitHub sign-in, ClawHub creates an API token.
- The browser redirects back to the local callback.
- The CLI stores the token in your ClawHub config file.
If your browser cannot reach the local callback because of firewall, VPN, or proxy rules, use the headless token flow.
Headless login
Create a token in the ClawHub web UI, then pass it to the CLI:
clawhub login --token clh_...
Use this flow for servers, CI jobs, or terminal-only environments.
Token storage
Default config paths:
- macOS:
~/Library/Application Support/clawhub/config.json - Linux/XDG:
$XDG_CONFIG_HOME/clawhub/config.jsonor~/.config/clawhub/config.json - Windows:
%APPDATA%\\clawhub\\config.json
Override the path with:
export CLAWHUB_CONFIG_PATH=/path/to/config.json
Revocation
You can revoke API tokens in the ClawHub web UI.
Revoked, invalid, or missing tokens return 401 Unauthorized. Sign in again
with clawhub login or provide a fresh token with clawhub login --token.
Deleted, banned, or disabled accounts cannot continue using existing API tokens.