OpenClaw browser automation configuration
Security checks across malware telemetry and agentic risk
Overview
This is a mostly coherent browser automation setup, but its Docker example can expose an unauthenticated Chrome CDP control port and should be reviewed before use.
Install only if you understand the browser-control impact. Prefer binding CDP to localhost, use SSH/VPN/firewall protection for remote access, do not expose port 9222 publicly, pin the Docker image, and protect any Browserless.io API key.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the CDP port is reachable by other users or from the network, they could drive the browser, view pages, or act through any browser session available in that container.
This starts a long-running headless Chrome container and publishes the CDP browser-control port. Without explicit localhost binding, firewalling, authentication, or tunneling guidance, reachable clients may be able to control the browser.
docker run -d --name browser-auto -p 9222:9222 --shm-size=512m chromedp/headless-shell:latest
Bind the port to localhost, for example `-p 127.0.0.1:9222:9222`, use SSH/VPN/firewall controls for remote access, avoid exposing CDP publicly, and stop the container when not in use.
Future installs could run a different container image than the one the publisher tested.
The setup uses a mutable `latest` Docker tag. Pulling a container is expected for this skill, but the exact image version can change over time.
chromedp/headless-shell:latest
Pin a specific image version or digest and review the Docker image source before running it.
Anyone who can read the config or logs containing this URL may be able to use the Browserless.io token.
The optional Browserless.io profile uses an API key in the CDP URL. This is expected for that provider, but it is still a credential that grants account access.
"cdpUrl": "https://production-sfo.browserless.io?token=<API_KEY>"
Use a scoped token, protect the OpenClaw config file, avoid sharing logs containing the URL, and rotate the token if exposed.
Sensitive browsing activity could be visible to or processed by the external browser provider if that option is used.
The skill documents an optional cloud browser provider. That is purpose-aligned, but browser automation traffic and page data may be processed outside the local environment.
Connect to the browserless.io cloud service ... "cdpUrl": "https://production-sfo.browserless.io?token=<API_KEY>"
Use the cloud option only for data you are comfortable routing through Browserless.io, and review the provider's privacy, logging, and retention settings.
