Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anemone Browser

v1.1.0

Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)...

by Eason Chen (@easonc13)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the actual behavior: a Node CLI that installs/starts a headful Chrome + Xvfb + x11vnc + noVNC stack, provides CDP for agents, and offers VNC takeover for humans. The requested npm package, binaries, and scripts are consistent with this purpose. The package expects to run on Linux/macOS and installs system packages on Linux, which is expected for this scope.
Instruction Scope
SKILL.md directs the agent to start the managed browser, present a noVNC link to the user for human takeover, and use CDP on localhost; these are within scope. Points to note: the guidance explicitly has the agent (or CLI) produce and transmit a noVNC URL that contains the VNC password as a query parameter, and the CLI attempts to discover the host public IP via an external service (ifconfig.me). Both are functional for the purpose but leak credentials in URLs and involve external network calls.
Install Mechanism
Installation is via npm (anemone-browser) which provides the CLI binary. Linux setup script installs system packages via apt-get and downloads the official Google Chrome .deb from dl.google.com (an expected source). The installer copies scripts to /root and writes system files (e.g., /etc/opt/chrome/policies/managed/security.json). These actions require elevated privileges and modify system-wide locations; this is consistent with a system-level browser manager but worth attention before running on a host.
Credentials
The skill requests no environment variables or external credentials — appropriate. However, it generates/stores VNC passwords and SSL certs under /root, writes state to /tmp/anemone-state.json (including the VNC password), and prints noVNC URLs with password query params. Those behaviors are proportional to the feature set but carry confidentiality risks (password-in-URL, files under /root and /tmp).
Persistence & Privilege
The package installs a recurring healthcheck cron job (every 2 minutes) under the system/root crontab, creates persistent profile and cert files under /root and /etc, and writes Chrome policies system-wide. This gives the skill a persistent presence on the host and requires root privileges. While aligned with the auto-recovery design, it is a meaningful privilege and persistence vector that the user should explicitly authorize.
Assessment
This package appears to do what it says — manage a headful Chrome + VNC environment — but it makes root-level changes and persists a cron job, cookies/profile files, and certs under /root and /etc. Before installing:
1) Only run it on a dedicated machine/container or VM you control (do not install on a shared production host).
2) Expect apt installs and writes to /root and /etc; review scripts (they are included) and confirm you trust the author.
3) Note that noVNC links include the VNC password in the URL and the CLI may attempt to discover the host's public IP via ifconfig.me — treat links as sensitive and use network controls/firewalling.
4) Avoid using the --dangerously-no-password mode.
5) If you need less privilege, consider running the stack inside an isolated container and exposing only necessary ports.
6) After install, inspect crontab, /root/.vnc, /root/.chrome-profile, and /etc/opt/chrome/policies/managed to confirm expected files and remove the cron if you do not want automatic healthchecks.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
bin/anemone.mjs:32: Shell command execution detected (child_process).


latestvk976kynejtsfmm0000rb5a7ahh82y2kf


Runtime requirements

Bins: anemone

Install

Install Anemone Browser CLI (npm)
Bins: anemone
npm i -g anemone-browser