MCP Setup Guide · filesystem

How to Set Up Filesystem MCP with OpenClaw

The filesystem MCP is usually the first server to make work because it proves OpenClaw can start MCP tools and access a tightly scoped local folder.

Last reviewed: 2026-04. Verify against the latest OpenClaw docs before production use.

Who this is for / not for

Good fit

You want OpenClaw to read or edit one project folder.
You are debugging path not allowed or permission denied.
You need a safe scratch directory for generated files.

Not a fit

Opening your entire home directory because one path failed.
Granting access to SSH keys, cloud credentials, or production secrets.
Replacing enterprise file permissions or audit controls.

Before you paste this config

Create the folder first and put a harmless test file inside. Do not expose /, C:/, ~, ~/.ssh, ~/.aws, password managers, browser profiles, or production data directories.

Minimal working config

This is the shortest useful setup: one server, one relative path, one folder OpenClaw can inspect.

Minimal filesystem config json

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "./openclaw-workspace"]
    }
  }
}

Safer path boundaries

Keep source files and scratch output separate. Add paths deliberately, and remove them when the task is done. The most dangerous permission is broad write access to folders you do not review.

Safer filesystem config json

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "./openclaw-workspace",
        "./openclaw-scratch"
      ]
    }
  }
}

Relative paths resolve from the process directory used to launch OpenClaw.
Windows paths are safest as C:/Users/you/project or escaped backslashes.
Do not paste secrets into a config review. Replace usernames, company paths, and private repo names if needed.

Verify setup

Run this before adding GitHub, search, database, or browser MCPs.

Verify MCP server bash

mkdir -p openclaw-workspace openclaw-scratch
openclaw status

Expected result: OpenClaw shows filesystem as loaded or running. Then ask it to list ./openclaw-workspace and read a harmless file in that folder.

Common errors

path not allowed

Symptom: OpenClaw can start the server, but file reads fail. Cause: the file is outside the directories listed in args. Fix: add only the specific project folder you need, then retry. Ask for review when you are tempted to add your whole home directory just to make it work.

permission denied / EACCES

Symptom: the path is allowed but the OS refuses access. Cause: file ownership, locked folders, corporate policy, or read-only mounts. Fix: use a folder owned by your current user or adjust OS permissions outside OpenClaw.

command not found

Symptom: filesystem server never starts and the log mentions npx or node. Cause: Node.js is missing or PATH differs between your terminal and OpenClaw. Fix: confirm node -v and npx -v from the same shell you use to launch OpenClaw.

invalid JSON

Symptom: OpenClaw fails before filesystem starts. Cause: trailing comma, comments, unescaped Windows backslashes, or a missing mcpServers wrapper. Fix: validate the JSON block alone and prefer C:/Users/name/project style paths on Windows.

When to ask for review

Ask for review when the folder exists, the JSON validates, Node works, and OpenClaw still cannot start the server or keeps denying a path you believe is inside scope.

Example prompts after it works

"List files in ./openclaw-workspace and summarize what is there."
"Read README.md and tell me the setup steps."
"Create notes.md in openclaw-scratch with a draft checklist."

Related MCPs

GitHub MCP for repositories, issues, and pull requests.
Top 10 MCPs for a safer order of installation.