What is Claworc?
Claworc (OpenClaw Orchestrator) is a self-hosted dashboard for running and managing multiple OpenClaw AI agent instances. Each instance runs in its own isolated container with a browser and terminal, accessible remotely through a web interface. Use Claworc to:- Give each team member their own AI agent
- Run shared agents for data analysis or IT automation
- Deploy and monitor a fleet of agents from one place
How it works
Claworc runs as a control plane alongside your agent containers. It provisions instances in Docker or Kubernetes, establishes secure SSH tunnels to each one, and serves a web dashboard for access and management. Each agent container runs:- Browser (Chrome, Chromium, or Brave — with VNC access) — the agent’s browser environment
- Terminal (with VNC access) — a full interactive shell
- OpenClaw gateway — the AI agent process
Key features
Instance management
Create, start, stop, restart, and delete agent instances. Set CPU and memory limits per instance.
Remote access
Access each instance’s browser and terminal directly from your browser via VNC over WebSocket. Choose Chrome, Chromium, or Brave.
Configuration editor
Quickly edit each instance’s
openclaw.json config and restart OpenClaw automatically.Live logs
Stream real-time container logs with auto-scroll via Server-Sent Events.
SSH terminal
Open a persistent interactive SSH session to any instance. Sessions survive browser disconnects.
Audit logging
Every SSH connection, command, file operation, and key rotation is recorded with a configurable retention period.
LLM gateway
A built-in proxy issues each OpenClaw instance a virtual key per provider. Real API credentials never leave the control plane and can be revoked per instance without rotating your actual keys.
Security
Security is built into every layer of Claworc:Role-based access control
Two roles — admin and user. Admins manage all instances and users. Regular users see only the instances explicitly assigned to them.
Encrypted connections
All access to instances is secured through encrypted connections authenticated with SSH keys. No agent ports need to be exposed or configured.
Encrypted key storage
API keys are encrypted at rest using Fernet symmetric encryption. Keys are never returned in full by the API or written to config files in plaintext.
Passkey authentication
In addition to passwords, Claworc supports WebAuthn passkeys for biometric or hardware key login.
SSH key rotation
Rotate the global SSH key pair without downtime. Claworc temporarily holds both old and new keys during rotation to maintain connectivity.
Per-instance IP restrictions
Restrict which source IPs the control plane can use when connecting to each instance’s SSH server.
Deployment options
| Option | Best for |
|---|---|
| Installer script | Fastest way to get started on Linux, macOS, or Windows |
| Docker Compose | Manual single-machine deployments |
| Kubernetes + Helm | Production multi-node clusters |
Get started
Quickstart
Run your first Claworc instance in under five minutes.