Self-Healing AI Bots

Your bot breaks.
The mechanic fixes it.

Automated health checks, config repair, and gateway monitoring for your OpenClaw agent. One script to connect. Then we handle the rest.

How it works
01

Run the script

One curl command on your VPS. Sets up mechanic access in 2 minutes.

02

Install OpenClaw

Follow our 15-min tutorial. Get your API key, connect your channel.

03

Mechanic watches

Daily health checks. Auto-repair. You get a morning report.

Step 1: Connect to the Mechanic

SSH into your VPS as root and run this. It preps the server, creates a dedicated user, and gives the mechanic restricted repair access.

# Run this on your VPS as root $ curl -fsSL https://mechanicbot.io/onboard.sh | sudo bash -s -- \ --name "my-bot" \ --email "you@example.com" \ --token "YOUR-SIGNUP-TOKEN"

Your signup token is emailed to you after subscribing. The script takes ~2 minutes. What does it do? →

Step 2: Install OpenClaw

The mechanic is now watching your server. Follow these tutorials to install OpenClaw and get your bot running.

01
5 MIN

Get Your API Key

Sign up at Anthropic, OpenAI, or OpenRouter. Copy the key. We show you exactly where to go and what to click.

VIDEO TUTORIAL
02
3 MIN

Install Node.js

Two commands. Copy, paste, done. We use NVM so you always get the right version.

COPY-PASTE
03
5 MIN

Install OpenClaw

One npm command, then run the onboard wizard. It walks you through everything. Paste your API key when asked.

VIDEO TUTORIAL
04
5 MIN

Connect Telegram

Message @BotFather, get a token, paste it in. Send your bot a "hello" and watch it respond. That's it — you're live.

VIDEO TUTORIAL

Total setup time: ~20 minutes. No coding required. Just copy-paste commands and follow the wizard.

What the Mechanic Can (and Can't) Do

The mechanic can

  • Check if your gateway is running
  • Restart a crashed gateway
  • Restore config from backup
  • Run openclaw doctor --fix
  • Clear old log files
  • Check Node.js version
  • View recent error logs

The mechanic cannot

  • Read your files or messages
  • See your API keys or tokens
  • Open an interactive shell
  • Install or remove software
  • Access other services on your VPS
  • Forward ports or tunnel traffic
  • Run any command not on the whitelist

Questions

It creates a dedicated 'openclaw' user on your VPS, hardens SSH security (disables root login, enables key-only auth, installs fail2ban), deploys a restricted command script that limits what the mechanic can do, adds the mechanic's SSH key with those restrictions, and installs Node.js + OpenClaw. It does NOT touch your API keys — those go in the wizard and never leave your machine.
Completely. You buy the VPS from any provider you want. You install OpenClaw yourself. You enter your own API keys. The mechanic has zero access to your messages, files, or credentials — only to health check and repair operations.
Yes. The restricted command script lives at ~/.openclaw/scripts/mechanic-allowed.sh on your VPS. It's a plain bash file you can open and read. Every command the mechanic runs is logged to ~/.openclaw/logs/mechanic-audit.log.
One command: sed -i '/mechanic-bot/d' ~/.ssh/authorized_keys — done. The mechanic loses all access instantly.
Every Sunday at midnight UTC, the mechanic generates a fresh key pair, deploys the new public key to your bot using the still-valid old key, verifies the new key works, then revokes the old one. A leaked key is worthless within 7 days maximum.
The mechanic runs a first-check automatically. It reads your logs, finds the exact cause — wrong API key, bad token, gateway not starting — and either fixes it on the spot or tells you precisely what to do. No guessing, no generic error messages.
Yes. Linux VPS is the most common setup, but the onboarding script works on macOS (Mac Mini, MacBook) and Windows via WSL2. The setup guide adapts to your platform automatically. Mac users: Remote Login must be enabled (System Settings → General → Sharing → Remote Login → ON) — this is how the mechanic connects to your machine.