Get the FREE Ultimate OpenClaw Setup Guide →
R

OpenClaw Browser

Flagged

@Roger0808

{"isSafe":false,"isSuspicious":true,"riskLevel":"high","findings":[{"category":"system_harm","severity":"high","description":"Exposes Chrome DevTools Protocol to all interfaces by binding remote-debugging-address to 0.0.0.0 (and port 9222). This can allow remote attackers to connect and issue CDP commands if the host is reachable.","evidence":"chrome --remote-debugging-port=9222 --remote-debugging-address=0.0.0.0"},{"category":"system_harm","severity":"medium","description":"Use of --no-sandbox to run Chrome. Disables sandboxing which reduces security protections and can be risky in multi-tenant or untrusted environments.","evidence":"Permission errors: Use --no-sandbox when starting Chrome if needed"},{"category":"other","severity":"low","description":"The content mentions evading headless detection by using a non-headless Chrome window. This is not a vulnerability in itself, but could be used to fingerprint or evade detection.","evidence":"Headless detection: Some sites (Xiaohongshu, Taobao) detect headless browsers - Solution: Use non-headless Chrome (visible window)"}],"summary":"The skill mainly covers browser automation via Chrome DevTools Protocol. It is not malicious by default, but there are notable security concerns: exposing the CDP port on 0.0.0.0 can allow remote access if not properly firewalled/authenticated, and using --no-sandbox weakens security. To mitigate, bind to localhost or implement authentication, and avoid disabling sandbox unless absolutely necessary and in trusted environments."}

npx machina-cli add skill @Roger0808/openclaw-browser --openclaw
Files (1)
SKILL.md
2.0 KB

OpenClaw Browser

Browser automation for OpenClaw via Chrome DevTools Protocol.

Prerequisites

Chrome must be installed and running with remote debugging enabled:

# Start Chrome with CDP (port 9222)
chrome --remote-debugging-port=9222 --remote-debugging-address=0.0.0.0

Quick Start

Screenshot a Website

# Using the provided script
node ~/.openclaw/workspace/skills/openclaw-browser/scripts/screenshot.js https://example.com /tmp/output.png

# With custom viewport
node ~/.openclaw/workspace/skills/openclaw-browser/scripts/screenshot.js https://example.com /tmp/output.png --width=1920 --height=1080

Full Page Screenshot

The script automatically captures full page content, not just viewport.

How It Works

  1. Connects to running Chrome via CDP (http://127.0.0.1:9222)
  2. Creates new tab or uses existing one
  3. Navigates to target URL
  4. Waits for page load
  5. Takes screenshot
  6. Saves to specified path

Common Issues

Chrome not running:

  • Start Chrome with CDP flags first
  • Verify with: curl http://127.0.0.1:9222/json/version

Headless detection:

  • Some sites (Xiaohongshu, Taobao) detect headless browsers
  • Solution: Use non-headless Chrome (visible window)
  • This skill connects to existing Chrome, avoiding detection

Permission errors:

  • Use --no-sandbox when starting Chrome if needed

Script Reference

See scripts/screenshot.js for the main automation script.

Advanced Usage

For custom automation beyond screenshots, modify the script or use Puppeteer directly:

const puppeteer = require('puppeteer');
const browser = await puppeteer.connect({ browserURL: 'http://127.0.0.1:9222' });
// ... custom actions

Source

git clone https://clawhub.ai/Roger0808/openclaw-browserView on GitHub

Overview

OpenClaw Browser uses the Chrome DevTools Protocol to automate actions inside a running Chrome instance. It enables full-page screenshots, page navigation, and scripted browser interactions for OpenClaw workflows. Triggers include screenshot requests, browser automation tasks, web page capture, and CDP-based control.

How This Skill Works

1) Connect to a running Chrome instance via CDP at http://127.0.0.1:9222. 2) Create a new tab or reuse an existing one, then navigate to the target URL. 3) Wait for the page to load and capture a full-page screenshot, saving it to the specified path.

When to Use It

  • Need a full-page screenshot of a live website.
  • Automate repetitive browser actions on a running Chrome instance.
  • Programmatically capture and archive web page content for QA or docs.
  • Test visual regressions by taking screenshots after interactions.
  • Interact with web pages using CDP-based browser control in OpenClaw workflows.

Quick Start

  1. Step 1: Start Chrome with remote debugging: chrome --remote-debugging-port=9222 --remote-debugging-address=0.0.0.0
  2. Step 2: Run the screenshot script: node ~/.openclaw/workspace/skills/openclaw-browser/scripts/screenshot.js https://example.com /tmp/output.png
  3. Step 3: (Optional) Set a custom viewport: node .../screenshot.js https://example.com /tmp/output.png --width=1920 --height=1080

Best Practices

  • Start Chrome with remote debugging enabled on port 9222 before running automation.
  • If sites detect headless browsers, use a visible Chrome window to avoid detection.
  • Verify the CDP connection first (curl http://127.0.0.1:9222/json/version) before executing scripts.
  • Use the provided screenshot.js script for standard tasks; modify only for advanced automation.
  • If you encounter permission errors, start Chrome with --no-sandbox (where safe) and secure the debugging port.

Example Use Cases

  • Capture a full-page screenshot of https://example.com using the default viewport.
  • Capture a screenshot with a custom viewport: --width=1920 --height=1080.
  • Automate screenshots of a product page for documentation.
  • Queue and screenshot multiple pages through a looping automation script.
  • Connect to an existing Chrome instance for ad-hoc website capture without launching a new browser.

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers