ClawHub

OpenClaw Browser WSL Attach

v0.1.0

Automatically prepare, repair, and attach an OpenClaw-controlled Chromium browser in WSL or Linux environments where OpenClaw runs as root or in a headless s...

0· 66·0 current·0 all-time
by@shenzheke
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the three scripts all align: they edit ~/.openclaw/openclaw.json, create a backup, start a Chromium instance with remote debugging on a local port, and perform local health checks. Nothing in the bundle requires unrelated credentials, network endpoints, or tools.
Instruction Scope
The runtime instructions explicitly tell the agent/operator to run the included scripts which will modify ~/.openclaw/openclaw.json (a timestamped backup is created), kill/launch Chromium, and probe a local CDP endpoint. The healthcheck prints some environment variables (HOME, DISPLAY, XDG_RUNTIME_DIR) and process listings. This behavior is within scope for configuring browser attach behavior but is intrusive to the user's OpenClaw config and will start/kill local processes — the user should expect and permit those changes.
Install Mechanism
No install spec or remote downloads are present; all code is included in the skill bundle. Nothing will be fetched from arbitrary URLs or written from external sources during install.
Credentials
The skill declares no required env vars or credentials. The scripts optionally read a few environment variables (OPENCLAW_BROWSER_CDP_PORT, OPENCLAW_BROWSER_BIN, OPENCLAW_BROWSER_USER_DATA_DIR, OPENCLAW_BROWSER_LOG) and standard ones like HOME — these are reasonable for configuring local paths and ports and are proportional to the task.
Persistence & Privilege
The skill will modify the user's OpenClaw config file (writes ~/.openclaw/openclaw.json and a timestamped .bak) and can start/kill Chromium processes. It does not request always:true or system-wide privileged configuration beyond the user's files, but it does instruct using --no-sandbox when running as root which reduces Chromium's runtime isolation (a necessary but security-reducing choice).
Assessment
This skill appears to do what it says: it will update your ~/.openclaw/openclaw.json (it creates a timestamped backup), start/kill a local Chromium process with remote debugging on localhost:18800, and print local environment and process information. Before running: review the included scripts yourself, confirm you are comfortable with the config change and the backup, and ensure port 18800 is not exposed to untrusted networks. Be aware that the script runs Chromium with --no-sandbox when used as root (this reduces browser isolation and is a tradeoff for running as root); if possible prefer running as a non-root user or inspect the user-data-dir used by the script. There are no external downloads or credential exfiltration patterns present, but run these tools manually the first time so you can review outputs and logs (/tmp/openclaw-browser.log and the created backup).

Like a lobster shell, security has layers — review code before you run it.

latestvk97ex0v0mey5h3bc83mafjhkrh84939c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments