Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Anemone Browser
v1.1.0Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)...
⭐ 0· 332·0 current·0 all-time
byEason Chen@easonc13
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (managed headful Chrome with VNC and anti-detection) match the included scripts and README. The package contains setup and start scripts that install and run Chrome, Xvfb, x11vnc, noVNC/websockify, and configure Chrome policies — all expected for this goal. There are no unrelated environment variables or external API keys requested.
Instruction Scope
SKILL.md instructs the agent/user to run the provided setup/start scripts and to send a noVNC link to a human when a CAPTCHA appears. This is within scope, but the doc includes a concrete example public IP and password in one place (likely illustrative) — users should not treat example credentials/addresses as a live endpoint. The instructions explicitly require running system-level installers and services and printing the VNC password to stdout, which is functionally required for the human-in-the-loop flow but worth being aware of.
Install Mechanism
There is no platform 'install' manifest, but the included scripts perform apt-get installs and fetch Google Chrome from Google's official dl.google.com URL (expected). The start script writes a Chrome policy to /etc/opt/chrome/policies/managed (system-wide change), generates a self-signed cert under /root/.vnc, copies a start script into /root, and runs services (Xvfb, x11vnc, websockify). These are coherent with purpose but are high-impact system changes (require root).
Credentials
The skill requests no environment variables or external credentials. It does, however, generate and store a VNC password locally (/root/.vnc/passwd) and prints the password/URL for user access — necessary for the human takeover feature. The scripts require elevated privileges to install packages and write system Chrome policies; that privilege requirement is proportionate to what the scripts do but should be accepted consciously by the operator.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The skill modifies system-level Chrome policy files and writes files under /root (persistent artifacts), which is expected for altering Chrome behavior but is a persistent, system-wide change that could affect other Chrome users on the host. The skill does not request to modify other skills or agent-wide config beyond the OpenClaw browser config (macOS CLI config changes are explicit in setup-mac.sh).
Assessment
This package is internally consistent with its stated goal, but it performs system-level installs and exposes an interactive VNC endpoint — proceed carefully. Recommended steps before installing: (1) Review the start.sh and setup.sh contents (they are included) and run them in an isolated environment (container or VM) first; (2) Do not publish the noVNC port to the public internet without a firewall and additional access control; websockify/noVNC will present the VNC session over HTTPS with a self-signed cert and the generated password — rotate/change the password and consider using a VPN/Tailscale or SSH tunnel to restrict access; (3) Be aware the scripts write /etc/opt/chrome/policies/managed (system Chrome policy) and create files under /root — expect system-wide effects; (4) If using Docker, avoid publishing the CDP port (9222) or web ports to public hosts unless intended; CDP is bound to 127.0.0.1 by the script but misconfigured host port mappings could expose it; (5) Treat any example IPs/passwords in the docs as illustrative — verify the actual runtime outputs before sharing links. If you need stronger assurance, run the setup in an ephemeral VM, audit network exposure, and confirm the service does not leak data to unexpected external endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk97edxs0455qce2z3mqwzg8rcx822amb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.