Prerelease & not production-ready. Security has not been fully vetted — OpenClaw and all bots should be used at your own risk. Expect bugs and breaking changes.
Kubernetes-native

Hold onto
your bots.

OpenClaw-first operations for Kubernetes clusters. One Helm install. One dashboard. Three bots.

Get Started GitHub
3 bot types Helm install MIT license Go + HTMX
terminal
$ clawmachine status ╔═══════════════════════╗ ║ ClawMachine Status ║ ╚═══════════════════════╝ NAME NAMESPACE STATUS ──────────────────────────────────────────────────── cilium kube-system  deployed connect 1password  deployed dorothy claw-machine  healthy $
// Why ClawMachine

Isolation-first design.
On your own infrastructure.

Each bot runs in its own isolated environment with secrets management and network controls built in — still in active development, so sharp edges exist.

01

Container Isolation

Each Claw bot runs in its own Kubernetes pod with dedicated resource limits and a strict security context. No shared runtimes, no cross-bot contamination.

02

Network Isolation & Allow Lists

Kubernetes NetworkPolicy locks down egress by default. Configure per-bot domain allow lists so bots only reach exactly what they need — nothing more.

03

1Password Vault Encryption

Secrets sync directly from your 1Password vault into Kubernetes via External Secrets Operator. Credentials never touch your dashboard and are never stored in plaintext.

04

Automated Workspace Backups

Schedule recurring backups of bot workspace data to S3 or GitHub on a configurable cron. Restore on startup — one checkbox to recover from any incident.

// The Fleet

OpenClaw First

🐙

OpenClaw

Primary supported path. General-purpose bot with plugins and channel integrations — the most actively developed and dogfooded option.

Recommended 🦾

IronClaw

Secure AI assistant built in Rust by NEAR AI. Privacy-first with WASM sandboxing, prompt injection defense, and persistent memory.

Beta 🦀

PicoClaw

Lightweight and fast. A minimal Go bot for health checks, simple automations, and proving your cluster works.

Beta
// How It Works

Three Steps. That's It.

01

Install to your cluster

One command sets up ClawMachine on any Kubernetes cluster. The interactive installer detects your environment. Start local — production use is at your own discretion.

curl -fsSL https://theclawmachine.dev/install.sh | bash
02

Deploy OpenClaw

Install OpenClaw as your default bot path. Use PicoClaw and IronClaw for beta testing and validation workloads.

03

Manage from one place

Monitor health, view logs, update config, and uninstall — all from a single dark-mode dashboard. No YAML wrangling.

// Why ClawMachine

Built Different

One Helm Install

No complex setup. No cloud dependencies. Helm install and you're running in minutes.

Your Cluster, Your Bots

Everything on your infrastructure. Bot data never leaves. Secrets stay in Kubernetes.

Built for Operators

Real-time health checks, per-bot config, and clean uninstalls. For people who run infrastructure.

Secrets Management

Native External Secrets Operator integration. Connect 1Password or any supported backend.

No JS Framework

Core stack — Go, HTML templates, HTMX, Bootstrap. Server-rendered, fast, and lightweight.

Open Source

MIT licensed. Read the code, fork it, extend it. Built in the open on GitHub.

Ready to grab your bots?

Install ClawMachine and start experimenting. Prerelease — feedback welcome.

Get Started