OpenClaw Browser Automation Configuration
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent browser-automation setup guide, but its recommended default can expose an unauthenticated browser-control port, so it should be reviewed and hardened before use.
Use this skill only if you intentionally want OpenClaw to control a CDP browser. Before following the Docker command, restrict port 9222 to localhost or a trusted private network, avoid exposing CDP publicly, pin the Docker image version, and protect any Browserless.io API key stored in configuration.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the host or remote server is reachable by others, an unauthorized party may be able to control the headless browser or observe browser activity.
The recommended command publishes the Chrome DevTools Protocol port from the container to the host. CDP is a browser-control interface, and the guide does not specify localhost-only binding, authentication, firewalling, VPN, or SSH tunneling.
docker run -d --name browser-auto -p 9222:9222 --shm-size=512m chromedp/headless-shell:latest
Bind the port to localhost, for example `-p 127.0.0.1:9222:9222`, or protect it with firewall/VPN/SSH tunneling and only expose CDP to trusted clients.
Future installs may run a different browser image than the one originally reviewed or tested.
The setup uses an external Docker image with the mutable `latest` tag. This is purpose-aligned for a Docker-based browser setup, but the exact image version can change over time.
chromedp/headless-shell:latest
Pin the Docker image to a specific version or digest when stability and reviewability matter.
Anyone who can read or leak this configuration value may be able to use the Browserless service under the user’s account.
The optional Browserless.io configuration uses an API key in the CDP URL. This is expected for the cloud browser provider, but it is still a credential that grants access to the user’s Browserless account.
"cdpUrl": "https://production-sfo.browserless.io?token=<API_KEY>"
Treat the token as a secret, restrict file permissions on the OpenClaw config, and rotate the token if it may have been exposed.
Pages, URLs, form inputs, and session activity handled by the cloud browser may be visible to or processed by the provider.
The guide includes an option to route browser automation through a third-party cloud browser provider. This is disclosed and purpose-aligned, but it changes the data boundary for browsing activity.
Connect to the browserless.io cloud service
Use the cloud option only for data you are comfortable processing through that provider, and prefer local or private browser infrastructure for sensitive sessions.
Browser automation may continue to be available to OpenClaw until the user stops the container or disables the profile.
The browser runs as a detached container, and the guide also enables a persistent browser profile in OpenClaw configuration. This is disclosed and aligned with the setup purpose, but it remains active after initial configuration.
docker run -d --name browser-auto ...
Stop or remove the container and disable the OpenClaw browser profile when browser automation is no longer needed.
