ClawHub

OpenClaw浏览器自动化配置

v1.0.0

配置OpenClaw连接远程Chrome/CDP浏览器,实现无头浏览器自动化操作与管理。

6· 2.7k·30 current·31 all-time
by@happyfee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (connect OpenClaw to remote Chrome/CDP) align with the SKILL.md steps: run a headless Chrome container, verify CDP, add a browser profile to ~/.openclaw/openclaw.json, restart the OpenClaw gateway, and verify status. No unrelated credentials or tools are required.
Instruction Scope
Runtime instructions are limited to launching a Docker headless-shell, checking the CDP endpoint, editing OpenClaw config under the user's home (~/.openclaw/), restarting the user openclaw-gateway service, and running openclaw status — all are directly relevant to setting up remote browser automation. The optional browserless example includes an API token placeholder (expected). Instructions do not request unrelated files, system-wide secrets, or external exfiltration.
Install Mechanism
This is instruction-only (no install spec / no code). It suggests docker run chromedp/headless-shell:latest which will pull from Docker Hub — expected but you may want to pin an explicit image tag rather than using :latest to avoid unexpected image changes.
Credentials
The skill declares no environment variables or credentials. The only credential-like item is an optional browserless API key shown as a token in the cdpUrl, which is appropriate for that integration. No unrelated secrets or broad credentials are requested.
Persistence & Privilege
The skill does not request permanent/always-on privileges and does not modify other skills or system-wide settings beyond the user's OpenClaw config and restarting the per-user openclaw-gateway service — actions consistent with its purpose.
Assessment
This instruction-only skill appears coherent, but consider these practical cautions before applying it: (1) The Docker example uses the :latest tag — pin to a specific, trusted image digest or tag to avoid unexpected updates. (2) Running a CDP endpoint (port 9222) can expose browser control to the network — ensure it's bound to localhost or protected by a firewall and do not expose it publicly. (3) If you use browserless with a token, avoid embedding the token in source-controlled files or public URLs (the example places the token in the cdpUrl which may be logged); store secrets securely. (4) Restarting the user systemd service requires appropriate user permissions; verify the openclaw binary/service is the expected upstream. (5) Only pull container images from trusted sources and verify image provenance. If you want higher assurance, request a signed/verified install spec or a pinned Docker image reference from the skill author.

Like a lobster shell, security has layers — review code before you run it.

automationvk973zw8btj8s359n0kjytk78mn81kyytbrowservk973zw8btj8s359n0kjytk78mn81kyytcdpvk973zw8btj8s359n0kjytk78mn81kyytlatestvk973zw8btj8s359n0kjytk78mn81kyyt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments