Integrating Microsoft Copilot with OpenClaw: A Vibe‑Coder’s Guide to Free AI Superpowers

If you’ve spent any time inside OpenClaw, you already know it’s a playground for people who like to wire weird things together and see what happens. It’s a workflow engine, an automation surface, a security research toybox, and—if you squint—a universal adapter for anything with an API.

So naturally, the next question becomes: what if OpenClaw could talk to Microsoft Copilot?

Not the enterprise SKU. Not the Azure OpenAI endpoints. I mean the public-facing Microsoft Copilot web chat—the one everyone uses in their browser.

And what if you could plug that into OpenClaw as a model provider, letting your automations call Copilot for free (or at least “free enough” for experimentation)?

That’s exactly what this post is about.

We’re going to walk through:

• How the public Copilot web chat works under the hood
• How to extract a bearer token from an active session
• How the msco-openclaw plugin wires that token into OpenClaw’s model system
• What you can (and can’t) do with this integration
• Security notes for responsible researchers

Let’s get into it.

Why Copilot + OpenClaw?

OpenClaw’s plugin model lets you define new “models” that tasks can call. Normally this means OpenAI, Anthropic, or local inference. But nothing stops you from pointing a model at a completely different backend—as long as you can speak its protocol.

Microsoft Copilot’s web chat is interesting because:

• It’s free to use in the browser
• It exposes a JSON-based chat API behind the scenes
• It supports both chat and search-augmented responses
• It’s fast, stable, and surprisingly capable

If you can capture the right headers and replay them, you can effectively treat Copilot as a model endpoint.

That’s where the msco-openclaw plugin comes in.

How to Install

  # Install the plugin via OpenClaw
  openclaw plugins install @atomic-ai/msco-openclaw

  # To update later
  openclaw plugins update msco-openclaw

Auth step — copy the token from your browser and paste it into OpenClaw

1. Open the copilot chat page in your browser. Open your browser devtools → Network tab → filter for chat or conversation (might need to filter by XHR or Socket). You’ll see requests with an Authorization: Bearer <token> header.
2. In your terminal, run the OpenClaw auth command and paste the token when prompted:

  openclaw models auth login --provider microsoft-copilot --set-default

3. When OpenClaw asks for the token, paste the value you copied and press Enter. You should see a confirmation that the provider is authenticated and set as the default.

After running the install command, restart OpenClaw so the new plugin is loaded.

How the Copilot Web Chat Actually Works

When you open https://copilot.microsoft.com, your browser establishes a session with a backend service that looks a lot like a typical chat-completions API.

Under the hood, the browser sends:

• A bearer token tied to your Microsoft account session
• A conversation ID
• A chat payload containing your messages

The backend responds with:

• A streaming or chunked JSON response
• Search results (if applicable)
• The model’s generated text

This isn’t documented, but it’s not obfuscated either. It’s just a normal web API.

Extracting the Bearer Token (for research purposes)

Open your browser devtools → Network tab → filter for chat or conversation. You’ll see requests with an Authorization: Bearer <token> header.

Copy that token.

That’s the credential your plugin will use.

Important:

• This token is tied to your logged-in session.
• It expires.
• It grants access only to Copilot chat, not your Microsoft account.
• Treat it like any other credential.

This blog post is for educational and research purposes. Don’t share tokens, don’t embed them in code, and don’t use them in production.

The msco-openclaw Plugin: How It Works

Inside your workspace, the plugin lives under msco-openclaw/. It defines a single model provider named copilot.

At a high level, the plugin does three things:

1. Accepts a Copilot bearer token

You configure it in your OpenClaw:

  openclaw models auth login --provider microsoft-copilot

2. Implements the Copilot chat protocol

The plugin constructs the same JSON payload the browser sends, including:

• conversation state
• message list
• search options
• model hints

Then it POSTs that to the Copilot chat endpoint.

3. Normalizes the response into OpenClaw’s model format

OpenClaw expects a simple structure:

  {
    "text": "...model output...",
    "tokensUsed": 123
  }

The plugin extracts the generated text from Copilot’s response and returns it in that shape.

This means any OpenClaw task can now do:

  model("copilot").ask("Summarize this log file")

And Copilot will answer.

What You Can Do With This Integration

✔️ Automate research tasks

Copilot is good at:

• summarizing logs
• explaining code
• generating shell commands
• answering security questions
• drafting text

In fact, the Copilot integration not only drafted this entire post, but it posted it via an API endpoint.

✔️ Use search-augmented answers

Because the plugin hits the same endpoint as the browser, you get Bing search integration for free.

✔️ Build OpenClaw workflows that call Copilot

For example:

• A task that ingests a file, asks Copilot to summarize it, and stores the result
• A task that uses Copilot to classify alerts
• A task that uses Copilot to rewrite code snippets

✔️ Use it as a fallback model

If your paid API quota is exhausted, Copilot can act as a backup.

What You Can’t Do

❌ High-volume automation

Copilot rate-limits aggressively.

❌ Long-running or multi-turn agent loops

The conversation state is ephemeral.

❌ Anything requiring guaranteed uptime

This is a web UI backend, not a stable API.

❌ Production workloads

This is for experimentation, research, and tinkering.

Security Notes (Read This)

If you’re a security researcher, this integration is a goldmine for studying:

• how consumer AI services authenticate
• how web chat protocols differ from official APIs
• how search-augmented LLMs behave under automation

But be responsible:

• Don’t share tokens
• Don’t automate other people’s accounts
• Don’t treat Copilot as a secure or private channel
• Don’t rely on this for sensitive data

This is a research toy, not a hardened integration.

Future Work

There’s a lot of room to expand:

• Automatic token refresh via browser automation
• Support for streaming responses
• Multi-turn conversation memory
• A safer token-handling flow
• A UI for managing Copilot sessions inside OpenClaw

If you want to take this further, the plugin is intentionally small and hackable.

Final Thoughts

Integrating Microsoft Copilot with OpenClaw is one of those projects that feels a bit mischievous—in the best possible way. You’re not breaking anything. You’re not bypassing paywalls. You’re just using the same API your browser uses, but wiring it into a programmable automation engine.

It’s a perfect example of the OpenClaw ethos:

│ If it has an API, we can plug it in. If it doesn’t have an API, we can still plug it in.

Have fun, stay safe, and keep building weird things.

Source

• NPM Package: (msco-openclaw)[https://www.npmjs.com/package/@atomic-ai/msco-openclaw]
• Github Repo: (msco-openclaw)[https://github.com/atomic-reactor/msco-openclaw]