AIVM Brain gives OpenClaw a governed second brain over MCP. Add one server block to OpenClaw's config and your assistant can recall your projects, preferences, and documents in any conversation, on any channel, with permissions enforced and every access recorded in a tamper-evident ledger.
Connect OpenClaw to your brain
OpenClaw supports MCP servers (stdio and HTTP transports) through its configuration; see the OpenClaw docs for the exact file your version reads. The brain is a standard stdio MCP server.
Generate your key. Sign up free at brain.aivm.io, open Connect, pick API / MCP, and mint your agent key.
Add the server block. Add the brain under mcpServers in your OpenClaw configuration:
{ "mcpServers": { "aivm-brain": { "command": "npx", "args": ["-y", "@aivm/brain", "serve"], "env": { "AIVM_BRAIN_URL": "https://brain.aivm.io", "AIVM_AGENT_KEY": "ak_your_key" } } } }Test it from a channel you actually use. Message your OpenClaw on Telegram or WhatsApp, tell it a fact worth keeping, then ask for it the next day from a different channel. Cross-channel recall is the point.
OpenClaw's config layout is OpenClaw's to define and moves fast; its docs are the source of truth for where the mcpServers block lives in your version.
Memory that follows the conversation, not the channel
OpenClaw's superpower is being everywhere you are: the same assistant on WhatsApp, Telegram, Slack, Discord, iMessage. That reach makes per-conversation context the wrong shape for memory. The brief you discussed in a Telegram thread should be recallable when you follow up by voice on your Mac a week later.
With a brain attached, OpenClaw's knowledge is one governed store, not a scatter of chat histories. It recalls what you told it wherever you told it, and what it captures in one channel is there for the next, subject to the permissions you set.
Autonomy without governance is how assistants get uninstalled
Your OpenClaw runs jobs on its own schedule and acts while you are not watching. That is the value, and the risk. The brain's job is to make the knowledge side of that autonomy safe: your assistant's key is scoped to what it may read and write, sensitive fields can be redacted rather than whole documents blocked, and there is a kill switch that cuts a key's access instantly. Every recall and capture lands in a content-blind, tamper-evident log, so you can always answer the question 'what did my assistant actually touch?' with a record instead of a shrug.
If you share your OpenClaw setup with family or a small team, the same rules scale down: each person's facts stay theirs unless granted, and the ledger keeps everyone honest.