That’s actually the one you get if you search for OmniFocus under Connectors in Claude (local to desktop)…
However, to make it into a web connector:
- Wrap it in a web server. I used FastAPI. It does nothing but pass the MCP’s output to web requests.
- Attach some kind of authentication. You can do a password. I used Google’s OAuth, which you can set up through their cloud platform
- Make it accessible from the internet. This is highly dependent on your own setup. But you will need to have your firewall open to its traffic, a reverse proxy (e.g., nginx or traefik), and have an IP to point DNS (to allow you to point to a web address like mcp.yourserver.com). For the latter, you can use a service like DuckDNS to periodically update your DNS record (and hence where your-chosen-name.duckdns.org points to).
The last bullet point was easy for me, because I already have web accessible services I self-host—as such, I just added a few entries. If you don’t already have that set up, that’s probably the hardest part. Claude Code can probably help you walk through all of the first two bullets.
You could potentially simplify this with something like Cloudflare Tunnel as well, but I’ve only explored it and haven’t used it yet.
This is great, but as a neophyte AI Agent builder I still don't understand all the security concerns. I presume you are giving Claude access to a lot of confidential data through this agent, how do you ensure it remains confidential?
My main concern is OpenClaw, which a surprising number of people jumped into without understanding. The way it’s set up just opens up a lot of holes and there’s a lot of actively malicious exploits on it right now.
In terms of non-OpenClaw agents… we mainly have had few organized attempts in the wild to attack agents. There just aren’t that many people using these right now. That’s what is partly protecting us right now. But that likely won’t last forever and “security through obscurity” isn’t a great model. I’ve seen demos where it’s pretty easy to do exfiltration attacks with unfettered internet access.
So, to clarify, it isn’t worries about “oh no, my data is going somewhere” (bird has already flown the coop with that one with all major tech companies). The worry is that an agent without enough controls can be easily hijacked by an attacker.
For some reason, my comment disappeared. But thanks! And also, yes, I did see it. I found it extremely cringeworthy that someone thought it was appropriate to unleash bot spam upon open source projects—as if the issue with big ones (which were the only ones it targeted) were TOO FEW random, low quality pull requests to review…
I feel a bit cheated, I didn’t get the clear instructions I expected. As a zero technical person I still feel I was being sold to, to use your program without fully explaining what it entails.
I’m sorry you feel that way. What is the part you didn’t fully understand? I’d be happy to help if I can, and the feedback is helpful regardless.
I definitely tried to make it as “out of the box” as possible, because I found I lost a lot of people even asking them to open the terminal or a text editor.
Just to be clear here, everything here is a template. You can modify it as much as you’d like (and obviously I get nothing out of you using it). It isn’t my program either—I’m just providing text instructions for 2 out of the 3 examples and the last one is also just text/settings… I just provided it as an easier download so this article wouldn’t be 10k words that I suspect most people still wouldn’t be able to implement.
Please tell me all about your OmniFocus web custom connector for Claude
Underneath, it’s this one: https://github.com/themotionmachine/OmniFocus-MCP
That’s actually the one you get if you search for OmniFocus under Connectors in Claude (local to desktop)…
However, to make it into a web connector:
- Wrap it in a web server. I used FastAPI. It does nothing but pass the MCP’s output to web requests.
- Attach some kind of authentication. You can do a password. I used Google’s OAuth, which you can set up through their cloud platform
- Make it accessible from the internet. This is highly dependent on your own setup. But you will need to have your firewall open to its traffic, a reverse proxy (e.g., nginx or traefik), and have an IP to point DNS (to allow you to point to a web address like mcp.yourserver.com). For the latter, you can use a service like DuckDNS to periodically update your DNS record (and hence where your-chosen-name.duckdns.org points to).
The last bullet point was easy for me, because I already have web accessible services I self-host—as such, I just added a few entries. If you don’t already have that set up, that’s probably the hardest part. Claude Code can probably help you walk through all of the first two bullets.
You could potentially simplify this with something like Cloudflare Tunnel as well, but I’ve only explored it and haven’t used it yet.
This is great, but as a neophyte AI Agent builder I still don't understand all the security concerns. I presume you are giving Claude access to a lot of confidential data through this agent, how do you ensure it remains confidential?
My main concern is OpenClaw, which a surprising number of people jumped into without understanding. The way it’s set up just opens up a lot of holes and there’s a lot of actively malicious exploits on it right now.
In terms of non-OpenClaw agents… we mainly have had few organized attempts in the wild to attack agents. There just aren’t that many people using these right now. That’s what is partly protecting us right now. But that likely won’t last forever and “security through obscurity” isn’t a great model. I’ve seen demos where it’s pretty easy to do exfiltration attacks with unfettered internet access.
So, to clarify, it isn’t worries about “oh no, my data is going somewhere” (bird has already flown the coop with that one with all major tech companies). The worry is that an agent without enough controls can be easily hijacked by an attacker.
A useful article. To me, that is the height of success. To produce something actually useful. Thank you.
BTW, did you see the recent news on an open claw bot harassing a reviewer on GitHub?
https://spectrum.ieee.org/agentic-ai-agents-blackmail-developer
For some reason, my comment disappeared. But thanks! And also, yes, I did see it. I found it extremely cringeworthy that someone thought it was appropriate to unleash bot spam upon open source projects—as if the issue with big ones (which were the only ones it targeted) were TOO FEW random, low quality pull requests to review…
I feel a bit cheated, I didn’t get the clear instructions I expected. As a zero technical person I still feel I was being sold to, to use your program without fully explaining what it entails.
I’m sorry you feel that way. What is the part you didn’t fully understand? I’d be happy to help if I can, and the feedback is helpful regardless.
I definitely tried to make it as “out of the box” as possible, because I found I lost a lot of people even asking them to open the terminal or a text editor.
Just to be clear here, everything here is a template. You can modify it as much as you’d like (and obviously I get nothing out of you using it). It isn’t my program either—I’m just providing text instructions for 2 out of the 3 examples and the last one is also just text/settings… I just provided it as an easier download so this article wouldn’t be 10k words that I suspect most people still wouldn’t be able to implement.