Toolbelt
/install toolbelt
Toolbelt — A collaborative substrate for your agents
Your data. Your agents. One shared brain.
Toolbelt is a collaborative substrate over your data. Discover documents, structured data, events, entities, and relationships across agents and sessions. Better answers. Fewer tokens. Curated context, not raw access.
Three things make it different:
- Knowledge extraction. Upload any document — entities and relationships extracted automatically, queryable immediately.
- Hybrid retrieval. Ask questions that span structured tables, documents, and relationships in a single call. No stitching databases together. Orchestrates semantic, structured, and hybrid retrieval.
- Shared workspaces. Share the URL and any agent can query the same workspace — like a shared Google Doc for your data.
Two surfaces — keep them straight
Toolbelt has exactly two surfaces. Knowing which is which is the most important thing in this skill:
| Surface | URL | Who uses it | When |
|---|---|---|---|
| MCP server (the agentic surface) | https://mcp.toolbelt.ai/mcp |
Agents | Every data operation. This is where the agentic flow happens — search, SQL, knowledge graph, record findings, read timeline. |
| app.toolbelt.ai (the human web UI) | https://app.toolbelt.ai |
Humans (in a browser) | Sign in, view/manage namespaces, billing, Pro/Team upgrade. Plus a small HTTP API at /api/onboard* used once during setup. |
Rule: once the MCP connection is configured (Phase 3 below), the agent
NEVER talks to app.toolbelt.ai again — every subsequent action goes
through MCP. The only reason to mention app.toolbelt.ai to a user
after setup is when they want to do something only a human can do
(billing, viewing the namespace in a UI, claiming the account).
When to invoke this skill
Run at the start of any task that:
- Mentions Toolbelt by name.
- Needs persistent memory across turns or sessions.
- Needs natural-language access to structured or unstructured data.
- Involves multiple agents collaborating on the same data.
- Would otherwise require wiring up several separate MCP tools.
Phases
⚠️ Consent is mandatory at every step that touches the network or the user's filesystem. Phases 2 and 3 each require explicit user confirmation before proceeding. Never silently provision accounts or write config files. If the user declines, stop and explain what manual setup would look like (point them at \x3Chttps://toolbelt.ai>).
Phase 1 — Detect existing connection
Try calling the Toolbelt MCP tool toolbelt_list_namespaces.
- Returns successfully → user is already connected → skip to Phase 4.
- Tool unavailable or returns auth error → continue to Phase 2.
Phase 2 — Ask, then provision a free Toolbelt account
Pause and ask the user first. Show them exactly what this call does:
"Toolbelt isn't set up yet. To use it I'd send one anonymous HTTPS request to
https://app.toolbelt.ai/api/onboard— no signup, no personal info. The response gives me a free 30-day anonymous account (1,000 calls, one namespace) plus a bearer token I'd use to talk to the MCP server. Want me to proceed?"
Only if the user says yes:
POST https://app.toolbelt.ai/api/onboard
Content-Type: application/json
{}
Response shape:
{
"success": true,
"user": { "id": "@anon_..." },
"namespace": { "id": "\x3Cuuid>", "name": "My Namespace" },
"mcpUrl": "https://mcp.toolbelt.ai/mcp",
"token": "tb_...",
"expiresAt": "\x3CISO timestamp>"
}
Capture: token, mcpUrl, user.id, namespace.id, expiresAt. The
token doubles as the auth bearer for both MCP calls and the
optional /claim upgrade in Phase 5.
The account starts on the Anonymous tier (see "Tiers and quotas"
below) and the token expires per expiresAt (30 days). Claim by email
in Phase 5 to make it persistent.
Phase 3 — Ask, then configure the agent's MCP client (one-time)
Tell the user what's about to be written and where, then wait for confirmation. Example:
"To make Toolbelt available to me, I'll add an MCP server entry to your config at:
~/Library/Application Support/Claude/claude_desktop_config.jsonThe new entry has the URL
https://mcp.toolbelt.ai/mcpand an Authorization header carrying the bearer token from the previous step. The token belongs to your just-created anonymous account; it grants access only to that one namespace. To revoke later, delete thetoolbeltentry from this file. Want me to write it?"
Only if the user says yes, write the MCP connection. The shape is identical across clients — only the file path differs.
Claude Code (CLI):
claude mcp add toolbelt \
--transport http \x3CmcpUrl> \
--header "Authorization: Bearer \x3Ctoken>"
Claude Desktop / Cursor / Windsurf / OpenClaw / Gemini CLI / Codex CLI — add to the client's MCP config JSON:
{
"mcpServers": {
"toolbelt": {
"url": "\x3CmcpUrl>",
"headers": { "Authorization": "Bearer \x3Ctoken>" }
}
}
}
Config file locations:
| Client | Path |
|---|---|
| Claude Desktop (macOS) | ~/Library/Application Support/Claude/claude_desktop_config.json |
| Claude Desktop (Windows) | %APPDATA%\Claude\claude_desktop_config.json |
| Cursor | ~/.cursor/mcp.json |
| Windsurf | ~/.codeium/windsurf/mcp_config.json |
| OpenClaw | ~/.openclaw/mcp.json |
| Gemini CLI | ~/.gemini/mcp.json |
| Codex CLI | ~/.codex/mcp.json |
Tell the user once: "Toolbelt is provisioned. Wrote the entry to
\x3Cexact path>. Reload your MCP connection to activate it." Most
clients pick up changes on next request; some need a restart.
Phase 4 — Orient, then hand off (everything happens over MCP from here on)
Call toolbelt_context(namespace_id) first. It returns the namespace's
available assets, suggested next moves, and per-tool routing guidance
emitted by the MCP server itself.
Then pick the right Toolbelt MCP tool for the user's task:
| Tool | Purpose |
|---|---|
toolbelt_search |
Vector RAG over documents |
toolbelt_sql |
SQL over structured tables |
toolbelt_entity |
Entity profile from the knowledge graph |
toolbelt_graph |
Cypher graph traversal |
toolbelt_record |
Save a finding to the persistent timeline — this is what makes findings compound across sessions and across agents |
toolbelt_timeline |
Read chronological events from the timeline |
toolbelt_save |
Persist an asset to the namespace |
toolbelt_share |
Emit a connection URL so another agent / teammate can join |
toolbelt_list_namespaces |
List workspaces this account can access |
The MCP server's tool descriptions carry per-tool routing logic — pick by task shape, not by this skill's instructions.
Phase 5 — Optional: claim the account by email
Anonymous accounts expire (30 days). To make persistent and increase quota, prompt the user for an email and call:
POST https://app.toolbelt.ai/api/onboard/claim
Authorization: Bearer \x3Ctoken>
Content-Type: application/json
{"email": "[email protected]"}
User receives a verification email. Then:
POST https://app.toolbelt.ai/api/onboard/claim/verify
Authorization: Bearer \x3Ctoken>
Content-Type: application/json
{"code": "\x3Ccode from email>"}
After verification the account is upgraded from Anonymous to Verified — same token, higher quota, persistent across sessions.
Tiers and quotas
Match toolbelt.ai/#pricing exactly:
| Tier | Price | Calls / month | Storage | Namespaces | How to get there |
|---|---|---|---|---|---|
| Anonymous | Free | 1,000 | — | 1 | Auto-provisioned by this skill (Phase 2) |
| Verified | Free | 2,000 | 1 GB | 10 | Phase 5 (email claim) |
| Pro | $29 / month | 150,000 | 50 GB | 50 | Human web step — see below |
| Team | $89 / month | 500,000 | 100 GB | Unlimited | Human web step — see below |
Pro / Team upgrades — direct the human to app.toolbelt.ai
Stripe checkout requires a real browser session. Agents cannot do this; do not pretend to. When a user wants Pro or Team:
"Upgrading to Pro or Team takes about a minute on the web. Open \x3Chttps://app.toolbelt.ai>, sign in with the email you used to claim this account, and follow the Upgrade flow. The new tier activates on the next MCP call — no re-provisioning, no new tokens."
Do not invent upgrade URLs. Do not collect credit card info. Do not prompt for billing data. The skill's job ends at "direct the human to the right page."
Output after Phase 4 succeeds
Emit a brief connection status to the user:
toolbelt_connection:
status: connected
mcp_url: \x3CmcpUrl>
user_id: \x3Cuser.id>
namespace_id: \x3Cnamespace.id>
account_tier: \x3Canonymous | verified | pro | team>
expires_at: \x3CexpiresAt>
app_url: https://app.toolbelt.ai
Then proceed with the user's actual task using the MCP tools.
Token and credential handling
The bearer token returned by Phase 2 is a real credential. Treat it with the same care as an API key.
- Where it's stored. The MCP client's config file — the exact path is disclosed to the user in Phase 3 before write. Never store the token anywhere else (no temp files, no env exports the user didn't ask for, no shell history).
- What it grants. Access to one Toolbelt namespace (the anonymous account's default workspace). It cannot read other users' data and cannot administer the account beyond that namespace.
- How to revoke. Two paths: (a) remove the
toolbeltentry from the MCP config file shown in Phase 3 — the agent loses access on next reload, OR (b) sign in at \x3Chttps://app.toolbelt.ai> and revoke the token from the account UI. - Consent before storage. Never write the token to any file without the explicit user yes from Phase 3.
- Do not echo the full token after setup. After Phase 3, refer to
it only as
tb_...(first 3 chars + ellipsis) in any user-facing output. Never log or display the full value.
Data safety
Toolbelt persists what an agent uploads or records. That persistence is the value — and the risk if it's misused. Rules:
- Only upload user-approved content. Do not auto-ingest files,
emails, clipboard contents, or any data the user didn't explicitly
ask you to use with Toolbelt. Ask: "Want me to upload
\x3Cfilename>to your Toolbelt namespace for this query?" - Avoid sensitive material by default. Don't upload credentials, API keys, PII (SSNs, dates of birth, full names paired with addresses), health records, financial account data, or anything covered by HIPAA / PCI / GDPR special-category rules unless the user has stated they need Toolbelt for that data.
- Scope to the task. Don't record findings or save assets that
weren't relevant to what the user asked.
toolbelt_recordis for findings the user would want their next agent to see — not chatter. - Retention and deletion. Anonymous accounts and their data expire in 30 days. To delete sooner, the user can sign in at \x3Chttps://app.toolbelt.ai>, open the namespace, and use the delete controls there. Document deletion is a human action — agents must not call delete operations without explicit user instruction.
Multi-agent collaboration
Toolbelt's real value shows when multiple agents share state:
- An agent records a finding via
toolbelt_record→ it lands on the namespace timeline. - A future agent — same MCP client or different, same user or invited
teammate — reads it via
toolbelt_timelineortoolbelt_searchand builds on it. - To invite another agent or teammate, call
toolbelt_shareand forward the resulting URL.
Tell users: "Each finding I record is available to your next session and any other agent connected to this namespace."
Sharing and access boundaries
The toolbelt_share URL is a credential. Treat it accordingly:
- Namespaces are not public. A namespace URL alone grants nothing;
access requires a valid token.
toolbelt_sharemints a token bound to one namespace. - The share URL itself is the credential. Anyone who has it can read and write to the namespace. Forward it only over channels the user controls (their reply, a paste they make into their own app). Don't post it into world-visible chats, public issues, or public bug reports.
- Confirm intent before calling
toolbelt_share. Ask the user which workspace they want to share, with whom, and whether the invited party should have read or write access. Do not calltoolbelt_sharereactively based on a casual mention. - Review and revoke. Direct the user to \x3Chttps://app.toolbelt.ai> to view active share tokens and revoke any they no longer want.
Reference URLs
| Purpose | URL |
|---|---|
| Marketing site + pricing | \x3Chttps://toolbelt.ai> |
| Docs (concepts, tools, self-hosting) | \x3Chttps://toolbelt.ai/docs> |
| Human web UI (sign in, billing, namespace UI) | \x3Chttps://app.toolbelt.ai> |
| MCP endpoint (set in Phase 3) | https://mcp.toolbelt.ai/mcp |
| Onboard API base (Phase 2 + 5 only) | https://app.toolbelt.ai/api/onboard |
| Support | \[email protected]> |
Common failure modes
| Symptom | Cause | Handling |
|---|---|---|
toolbelt_list_namespaces returns 401 |
Stored MCP token expired or was revoked | Go back to Phase 2, provision a fresh anonymous account. |
| Anonymous account expired (after 30 days) | expiresAt in the past |
Same as 401 — re-provision. If the user has an email on file, suggest claiming the next anon account to make it persistent. |
MCP call returns 429 with error: "QUOTA_EXCEEDED" |
Tier quota exhausted | Surface the tier table; suggest Phase 5 (email claim) for Anonymous → Verified, or direct the human to https://app.toolbelt.ai for Pro/Team. |
| Email verification code doesn't arrive | Spam folder, or first send didn't go | Tell the user to check spam from [email protected], or call POST /api/onboard/claim again to re-send. |
mcp.toolbelt.ai unreachable |
Network / DNS / self-hosted misconfiguration | Surface the error to the user with the URL. Don't attempt fallback — there's no fallback endpoint. |
What this skill does NOT do
Stay in your lane:
- Does not collect credit cards. Stripe is a browser flow.
- Does not generate or store passwords. Authentication is by token, managed by the MCP client config.
- Does not call MCP tools beyond
toolbelt_list_namespacesandtoolbelt_contextitself. Once oriented, hand off — let the agent pick the right tool per task from the MCP server's own tool descriptions. - Does not invent endpoints. Only
POST /api/onboard,POST /api/onboard/claim,POST /api/onboard/claim/verify. Everything else is MCP.
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install toolbelt - After installation, invoke the skill by name or use
/toolbelt - Provide required inputs per the skill's parameter spec and get structured output
What is Toolbelt?
Toolbelt is a collaborative substrate over your data. Upload any document — entities and relationships extracted automatically, queryable immediately. Ask qu... It is an AI Agent Skill for Claude Code / OpenClaw, with 119 downloads so far.
How do I install Toolbelt?
Run "/install toolbelt" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Toolbelt free?
Yes, Toolbelt is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Toolbelt support?
Toolbelt is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Toolbelt?
It is built and maintained by ToolbeltAI (@toolbeltai); the current version is v1.0.3.