OpenClaw is the runtime. ClawButler is the control plane. We don't build Agents — we make your existing Agents visible, controllable, and compliant.
Why Now
You have six Agents deployed. One is healthy, one is pending approval, one went offline four minutes ago. Right now, you have no way to know this without SSH-ing into the box and reading logs. ClawButler changes that in one connection.
Connect your OpenClaw instance once. Every Agent is auto-discovered. Dashboard, topology map, live activity stream, and session monitor — all real-time, all in one place.
OpenClaw has no authentication by default. 512 vulnerabilities found by Kaspersky. 335 malicious Skills confirmed on ClawHub. Once an Agent gets tool access, any allowed sender can trigger tool calls within its permissions — including destructive ones.
Every high-risk operation goes through HITL Approval with full context and impact assessment. One-click approve or deny. Kill Switch for emergencies. Every action enters an immutable audit trail.
Kaspersky found 512 vulnerabilities in OpenClaw. Censys discovered 21,639 instances exposed on the public internet. 335 malicious Skills on ClawHub. But most operators don't know if their own gateway has auth enabled, if transport is encrypted, or if high-risk tools are wide open — until it's too late.
ClawButler scans your OpenClaw configuration against the latest known vulnerabilities and security best practices. Transport encryption, authentication, network exposure, tool risk levels, malicious Skill detection — checked on first connection and continuously via nightly trust audits.
OpenClaw's usage.cost API only reads the main Agent's sessions — a hardcoded limitation. Multi-Agent coordination burns 3.5x more tokens than single-Agent. Without per-Agent attribution and spend caps, costs spiral silently.
Per-Agent cost breakdown via sessions.usage. Budget circuit breakers that auto-alert or auto-halt when thresholds are reached. Root cause tree drills down to Agent, model, and time period.
OpenClaw config is powerful but fragile — the model field can be a string or a dict, methods split into gateway-global vs per-agent, resolved and config mean different things. Whether you broke it manually or an AI assistant changed something wrong, there's no native rollback.
Two safety nets: Every Agent config change creates an immutable snapshot — with semantic diff, rollback preview, drift detection, and auto-save of current state before restoring. At the gateway level, encrypted backup packages export your entire setup for full or scoped restore, with preview before apply.
Every new Agent starts from scratch or a hastily copied config. Different environments drift apart silently. There's no standard way to validate before deploying, and no automatic recovery when things break.
Verified Templates with type-safe variables and compatibility validation. Preview exactly what will change before deploying. If deployment fails, automatic rollback kicks in.
Health checks, cost reports, config audits, incident response — all done by hand, all during business hours. At night and on weekends, your Agents run unsupervised.
Runbooks turn routine operations into observable, auditable workflows with built-in approval gates. Trigger by schedule, webhook, or event. Every step logged, every failure alerted.
Four Platforms, One Control Plane
Design Philosophy
ClawButler is a control plane for OpenClaw, not a fork of it. We choose to govern, not to replace. These are deliberate design boundaries.
Fix OpenClaw's cron scheduler
We detect anomalies and offer Runbook migration as a better alternative — but we won't patch OpenClaw's internal scheduler. That's their runtime.
Recover lost session context
We trace the impact via Sessions and Audit so you know exactly what was lost — but we won't reconstruct OpenClaw's compaction output. That's their data layer.
Correct memory state semantics
Memory Browser gives you visibility into the current state — but we won't override OpenClaw's memory subsystem behavior. That's their internal contract.
Patch webchat or pairing auth
Connector diagnostics help you pinpoint issues faster — but we won't modify OpenClaw's frontend or token flow. That's their auth implementation.
Clean up orphan processes
Health Check surfaces process anomalies so you can act quickly — but we won't reach into OpenClaw's process tree. That's their runtime responsibility.
Start with managed Cloud, pair a runtime host, or self-host for full data control.
Self-Hosted Community: all features, free forever. Cloud Free: no credit card required.