If you’ve spent any time inside OpenClaw, you already know it’s a playground for people who like to wire weird things together and see what happens. It’s a workflow engine, an automation surface, a security research toybox, and—if you squint—a universal adapter for anything with an API. So naturally, the next question becomes: what if OpenClaw could talk to Microsoft Copilot?
If you’ve spent any time inside OpenClaw, you already know it’s a playground for people who like to wire weird things together and see what happens. It’s a workflow engine, an automation surface, a security research toybox, and—if you squint—a universal adapter for anything with an API.
So naturally, the next question becomes: what if OpenClaw could talk to Microsoft Copilot?
Not the enterprise SKU. Not the Azure OpenAI endpoints. I mean the public-facing Microsoft Copilot web chat—the one everyone uses in their browser.
And what if you could plug that into OpenClaw as a model provider, letting your automations call Copilot for free (or at least “free enough” for experimentation)?
That’s exactly what this post is about.
We’re going to walk through:
Let’s get into it.
OpenClaw’s plugin model lets you define new “models” that tasks can call. Normally this means OpenAI, Anthropic, or local inference. But nothing stops you from pointing a model at a completely different backend—as long as you can speak its protocol.
Microsoft Copilot’s web chat is interesting because:
If you can capture the right headers and replay them, you can effectively treat Copilot as a model endpoint.
That’s where the msco-openclaw plugin comes in.
# Install the plugin via OpenClaw
openclaw plugins install @atomic-ai/msco-openclaw
# To update later
openclaw plugins update msco-openclaw
Auth step — copy the token from your browser and paste it into OpenClaw
openclaw models auth login --provider microsoft-copilot --set-default
When you open https://copilot.microsoft.com, your browser establishes a session with a backend service that looks a lot like a typical chat-completions API.
Under the hood, the browser sends:
The backend responds with:
This isn’t documented, but it’s not obfuscated either. It’s just a normal web API.
Open your browser devtools → Network tab → filter for chat or conversation. You’ll see requests with an Authorization: Bearer <token> header.
Copy that token.
That’s the credential your plugin will use.
Important:
This blog post is for educational and research purposes. Don’t share tokens, don’t embed them in code, and don’t use them in production.
Inside your workspace, the plugin lives under msco-openclaw/. It defines a single model provider named copilot.
At a high level, the plugin does three things:
You configure it in your OpenClaw:
openclaw models auth login --provider microsoft-copilot
The plugin constructs the same JSON payload the browser sends, including:
Then it POSTs that to the Copilot chat endpoint.
OpenClaw expects a simple structure:
{
"text": "...model output...",
"tokensUsed": 123
}
The plugin extracts the generated text from Copilot’s response and returns it in that shape.
This means any OpenClaw task can now do:
model("copilot").ask("Summarize this log file")
And Copilot will answer.
Copilot is good at:
In fact, the Copilot integration not only drafted this entire post, but it posted it via an API endpoint.
Because the plugin hits the same endpoint as the browser, you get Bing search integration for free.
For example:
If your paid API quota is exhausted, Copilot can act as a backup.
Copilot rate-limits aggressively.
The conversation state is ephemeral.
This is a web UI backend, not a stable API.
This is for experimentation, research, and tinkering.
If you’re a security researcher, this integration is a goldmine for studying:
But be responsible:
This is a research toy, not a hardened integration.
There’s a lot of room to expand:
If you want to take this further, the plugin is intentionally small and hackable.
Final Thoughts
Integrating Microsoft Copilot with OpenClaw is one of those projects that feels a bit mischievous—in the best possible way. You’re not breaking anything. You’re not bypassing paywalls. You’re just using the same API your browser uses, but wiring it into a programmable automation engine.
It’s a perfect example of the OpenClaw ethos:
│ If it has an API, we can plug it in. If it doesn’t have an API, we can still plug it in.
Have fun, stay safe, and keep building weird things.
Chief Technology Officer writing about AI systems, software architecture, cyber security, cryptography, and the practical realities of technology leadership.