Browser Vps Setup Skill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated purpose, but it sets up a high-privilege remote browser in a way that may expose unauthenticated browser control and weaken VPS isolation.

Install only on a dedicated, disposable VPS. Before starting the browser stack, enable firewall rules, bind noVNC/websockify and debugging ports to localhost, and verify the ports are not publicly reachable. Run Chrome as a non-root user where possible, avoid sensitive logins, and delete the browser profile or stop the services when done.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

Someone who can reach the exposed noVNC port could potentially view or control the browser, including any websites or accounts opened in it.

Why it was flagged

The VNC server is passwordless and relies on localhost-only access, but the noVNC/websockify command does not explicitly bind its listening port to 127.0.0.1. That can expose remote browser control if the service listens on public interfaces before firewall rules block it.

Skill content

# VNC server (localhost only, no password)
x11vnc -display :99 -forever -nopw -localhost -quiet &
...
websockify --web /usr/share/novnc 6080 localhost:5900 &

Recommendation

Bind websockify explicitly to 127.0.0.1, enable firewall rules before starting the stack, add authentication where possible, and verify from another machine that ports 5900, 6080, and 18800 are not publicly reachable.

ASI03: Identity and Privilege Abuse
High
What this means

A compromised browser session, unsafe page, or mistaken agent action could have broader impact on the VPS than if Chrome ran as an unprivileged user with normal sandboxing.

Why it was flagged

Root access is reasonable for package installation, but the instructions also imply running the agent-controlled browser stack as root and explicitly disable Chrome's sandbox.

Skill content

compatibility: Requires apt package manager (Ubuntu/Debian), sudo/root access... ssh -L 6080:localhost:6080 root@YOUR_VPS_IP ... google-chrome-stable --no-sandbox ... "noSandbox": true

Recommendation

Use root only for installation, run Chrome and the browser stack under a dedicated non-root user, avoid --no-sandbox unless strictly required, and keep the VPS disposable or isolated.

ASI06: Memory and Context Poisoning
Medium
What this means

Cookies, browsing history, and logged-in sessions may remain available to future browser tasks or to anyone who later gains access to the remote browser.

Why it was flagged

The skill uses a persistent Chrome profile and explicitly allows both the user and agent to control the same browser session.

Skill content

--user-data-dir=~/.openclaw/browser/openclaw/user-data ... You'll see the Chrome window live. You and the agent control it simultaneously.

Recommendation

Use a dedicated browser profile and accounts, avoid sensitive logins, clear cookies after use, or delete ~/.openclaw/browser/openclaw/user-data when finished.

ASI05: Unexpected Code Execution
Low
What this means

Running the commands changes the VPS and starts local services; mistakes or modified commands could affect the system.

Why it was flagged

The setup downloads and installs Chrome and optionally runs inline Python code for a local proxy bridge. This is aligned with the skill's purpose, but it is still executable setup logic run on the VPS.

Skill content

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -O /tmp/chrome.deb
apt-get install -y /tmp/chrome.deb ... python3 -c "import socket, threading, base64, select ..."

Recommendation

Review commands before running them, use a fresh VPS, and prefer pinned packages or a maintained install script if available.

ASI10: Rogue Agents
Low
What this means

The remote browser and proxy may keep running after the immediate task is done, leaving access paths active until manually stopped.

Why it was flagged

The browser stack and optional proxy are intentionally long-running background processes. The artifact says they must be restarted after reboot, so this is not hidden persistence, but no stop or cleanup procedure is provided.

Skill content

Xvfb :99 ... &
x11vnc -display :99 -forever ... &
websockify ... &
...
while True:
    c, _ = srv.accept()

Recommendation

Add explicit stop commands or a cleanup script, and shut down Xvfb, x11vnc, websockify, Chrome, and the proxy when finished.