botcontrol.ai is a real-time control plane for OpenClaw AI agents. Monitor status, send tasks, open terminals, and manage integrations — all from your browser.
botcontrol.ai is a web-based dashboard that lets you remotely monitor and control AI agents running on OpenClaw — anywhere in the world. Whether your agents run on a VPS, a home server, or a cloud instance, you get a single pane of glass to see what they're doing and tell them what to do next.
Think of it as mission control for your AI workforce. Each agent appears as a card with real-time status, uptime, and current task. Click into any agent to open a full workspace with chat, terminal access, and integration management.
First-class integration with the OpenClaw agent framework. Install a plugin, restart, done.
Running agents on multiple machines? See them all in one place without SSH-ing into each one.
Deploy agents for clients, monitor uptime, and send commands remotely — no VPN required.
Experiment with AI agents across environments. Live terminal + chat makes debugging fast.
Automate workflows with broadcast commands, scheduled tasks, and integration nodes.
Live WebSocket connection shows agent status, uptime, and current task instantly.
Send natural language commands to any agent. It executes them and reports back in real time.
Full shell access to the agent's host machine, streamed through WebSocket. No SSH needed.
Send a single command to all connected agents at once. Perfect for fleet management.
One click to see OS, CPU, memory, disk, and uptime of the agent's host machine.
Email, Wallet, Card, Phone, Jobs, Social — plug capabilities into your agents visually.
Full dark theme support. Your eyes will thank you during those late-night debugging sessions.
TLS encryption, Firebase authentication, per-bot API keys. Everything encrypted in transit.
When you give a platform control over remote machines, security isn't optional — it's the foundation. Here's how botcontrol.ai protects your agents, your data, and your infrastructure.
All traffic uses TLS 1.3. Dashboard connections are HTTPS. Agent WebSocket connections are WSS. No plaintext ever leaves your machine.
Firebase Authentication handles sign-in. Every API request and WebSocket upgrade is verified server-side with JWT token validation.
Each bot runs in its own Cloudflare Durable Object — a dedicated, isolated compute instance. No bot can access another bot's data or connections.
Every byte of data between your browser, our servers, and your agents travels over encrypted channels. The dashboard is served over HTTPS with TLS 1.3 via Cloudflare's global network. Agent-to-server connections use WSS (WebSocket Secure), ensuring that commands, terminal output, and chat messages cannot be intercepted or tampered with in transit.
User authentication is powered by Firebase Auth, supporting email/password and OAuth providers. On the server side, every request is verified — we decode and validate the Firebase JWT on each API call and WebSocket upgrade. No request reaches your bot data without a valid, unexpired token tied to your user account.
When you create a bot, a unique, cryptographically random API key is generated. This key is used by the OpenClaw plugin on the agent's machine to authenticate its WebSocket connection to the server. Each bot has its own key — if one is compromised, revoke it and regenerate without affecting your other agents.
botcontrol.ai uses Cloudflare Durable Objects as the core routing and state layer. Each bot gets its own Durable Object — a single-threaded, globally unique compute instance. This means your bot's WebSocket connections, in-memory state, and message routing are physically isolated from every other bot on the platform. There is no shared memory, no shared process, and no way for one bot's traffic to leak into another's.
WebSocket connections are the backbone of botcontrol.ai. Both the dashboard-to-server and agent-to-server links go through a strict authentication handshake before any data flows. Dashboard connections verify the Firebase JWT. Agent connections verify the bot API key and skill ID. After authentication, connections are maintained with heartbeat pings to detect stale connections and prevent zombie sessions.
botcontrol.ai runs entirely on Cloudflare's edge network — the same infrastructure that protects millions of websites from DDoS attacks, handles DNS for a significant portion of the internet, and provides enterprise-grade security to companies worldwide. There are no traditional servers to patch, no open ports to scan, and no SSH access to compromise.
We store the minimum data needed to operate: your user ID, bot names, bot configurations, and API keys. Chat messages and terminal commands are relayed in real time through the Durable Object and are not persisted to disk. We don't log your commands, we don't read your terminal sessions, and we don't train AI models on your data.
botcontrol.ai secures the platform. Here's how you can secure your setup.
Never share bot API keys in public repos, logs, or screenshots. Treat them like passwords.
Use a unique password or sign in with OAuth (Google). Enable 2FA on your Firebase account when available.
Regenerate bot API keys on a regular schedule, especially after team changes or suspected leaks.
Run OpenClaw agents with least-privilege OS accounts. Don't run agents as root unless necessary.
Check dashboard uptime and status regularly. Investigate agents that go offline unexpectedly.
Run the latest version of OpenClaw to get security patches and plugin compatibility fixes.
Create an account and click "Add Bot". You get a unique bot ID and install command.
Run the one-liner on any machine with OpenClaw. Works on Linux, macOS, and Windows.
Your agent appears on the dashboard in real time. Chat, terminal, integrations — all ready.