Description

Set up a remote-controlled Chrome browser on a Linux VPS with noVNC visual access (via SSH tunnel) and optional authenticated HTTP proxy. Use when the user w...

README (SKILL.md)

Browser on VPS — Setup

Name: Browser Vps Setup Skill
Author: osipov-anton

Set up Chrome on a Linux VPS so:

The agent can control it (open pages, click, fill forms, take screenshots) via OpenClaw browser tool
The user can watch and interact via noVNC in their local browser (over SSH tunnel)
Optionally: all traffic routes through an authenticated HTTP proxy (for anti-captcha)

Step 1: Install dependencies

apt-get install -y xvfb x11vnc novnc

# Install real Google Chrome (NOT snap — snap breaks automation)
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -O /tmp/chrome.deb
apt-get install -y /tmp/chrome.deb || apt --fix-broken install -y

Step 2: Start the browser stack

# Clean stale locks
rm -f /tmp/.X99-lock ~/.openclaw/browser/openclaw/user-data/SingletonLock 2>/dev/null

# Virtual display
Xvfb :99 -screen 0 1280x800x24 &
sleep 2

# VNC server (localhost only, no password)
x11vnc -display :99 -forever -nopw -localhost -quiet &
sleep 1

# noVNC web UI on port 6080 (localhost only)
websockify --web /usr/share/novnc 6080 localhost:5900 &
sleep 1

# Chrome with CDP on port 18800
DISPLAY=:99 google-chrome-stable --no-sandbox --disable-gpu \
  --remote-debugging-port=18800 \
  --user-data-dir=~/.openclaw/browser/openclaw/user-data \
  --window-size=1280,800 &

Step 3: Connect visually from your laptop

ssh -L 6080:localhost:6080 root@YOUR_VPS_IP

Then open http://localhost:6080/vnc.html → click Connect.

You'll see the Chrome window live. You and the agent control it simultaneously.

Step 4: Configure OpenClaw

In ~/.openclaw/openclaw.json add:

{
  "browser": {
    "enabled": true,
    "executablePath": "/usr/bin/google-chrome-stable",
    "attachOnly": true,
    "headless": false,
    "noSandbox": true
  }
}

Then restart: openclaw gateway restart

The agent can now use the browser tool to navigate, click, type, screenshot, etc.

Step 5 (Optional): Authenticated HTTP proxy

If you need a proxy (e.g. mobile proxy for anti-captcha), Chrome can't pass username/password in --proxy-server. Solution: run a local Python bridge that forwards with auth injected automatically.

python3 -c "
import socket, threading, base64, select

UPSTREAM_HOST = 'PROXY_IP'      # e.g. 87.236.22.82
UPSTREAM_PORT = PROXY_PORT       # e.g. 19423
USERNAME = 'PROXY_USER'
PASSWORD = 'PROXY_PASS'
LOCAL_PORT = 18801

auth = base64.b64encode(f'{USERNAME}:{PASSWORD}'.encode()).decode()

def handle(client):
    try:
        data = b''
        while b'\r\
\r\
' not in data:
            data += client.recv(4096)
        upstream = socket.create_connection((UPSTREAM_HOST, UPSTREAM_PORT))
        if b'Proxy-Authorization' not in data:
            data = data.replace(b'\r\
\r\
', f'\r\
Proxy-Authorization: Basic {auth}\r\
\r\
'.encode(), 1)
        upstream.sendall(data)
        while True:
            r, _, _ = select.select([client, upstream], [], [], 30)
            if not r: break
            for s in r:
                d = s.recv(65536)
                if not d: return
                (upstream if s is client else client).sendall(d)
    except: pass
    finally:
        try: client.close()
        except: pass
        try: upstream.close()
        except: pass

srv = socket.socket()
srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
srv.bind(('127.0.0.1', LOCAL_PORT))
srv.listen(50)
print('Local proxy on 127.0.0.1:18801')
while True:
    c, _ = srv.accept()
    threading.Thread(target=handle, args=(c,), daemon=True).start()
" &

Then restart Chrome with proxy:

pkill -9 chrome
rm -f ~/.openclaw/browser/openclaw/user-data/SingletonLock
DISPLAY=:99 google-chrome-stable --no-sandbox --disable-gpu \
  --remote-debugging-port=18800 \
  --user-data-dir=~/.openclaw/browser/openclaw/user-data \
  --window-size=1280,800 \
  --proxy-server="http://127.0.0.1:18801" &

Verify: ask the agent to open https://api.ipify.org — it should show the proxy IP, not the VPS IP.

Firewall (recommended)

ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

noVNC (6080), VNC (5900), and CDP (18800) are all localhost-only — never exposed publicly.

After reboot

All processes (Xvfb, x11vnc, websockify, Chrome) must be restarted. Ask the agent:

"Start the browser stack on the VPS"

The agent should run Step 2 commands from this skill.

Usage Guidance

This skill appears to do what it says (set up a controllable Chrome on a VPS), but it uses several risky operational choices you should review before installing: 1) Chrome is launched with --no-sandbox (dangerous when browsing untrusted sites); avoid this if you can or run Chrome as an unprivileged user or inside a dedicated container/VM. 2) x11vnc is started with -nopw (no password) — the author limits exposure by binding to localhost, but ensure ports are not publicly reachable and only use SSH tunnels from trusted machines. 3) The optional proxy bridge requires embedding proxy credentials into a running Python one-liner: don’t paste secrets into a shell history or shared commands; prefer storing credentials in a file with strict permissions or using a vetted proxy client that supports authenticated upstreams. 4) Running services as root and installing .debs from the network is expected here but increases risk; verify downloads, prefer package-managed installs if available, and isolate this workload from other systems. 5) After setup, an agent and any user with access to the gateway/browser can control the browser (navigate pages, run JS, download). Limit the agent’s permissions and avoid visiting sensitive internal services with the provisioned browser. If you plan to proceed, consider: running the stack under a dedicated user or container, enabling proper authentication for VNC/noVNC, handling proxy credentials securely (not inline), and keeping the Chrome sandbox if possible.

Capability Analysis

Type: OpenClaw Skill Name: browser-vps-setup-skill Version: 1.0.0 The skill is classified as suspicious primarily due to the use of the `--no-sandbox` flag when launching Google Chrome, which significantly weakens the browser's security posture and makes it vulnerable to exploits. Additionally, the `x11vnc` server is configured without a password, although it is bound to localhost and intended for access via an SSH tunnel. While these configurations are common in automated browser setups, they represent significant security vulnerabilities rather than malicious intent. There is no evidence of data exfiltration, persistence mechanisms, or malicious prompt injection against the agent.

Capability Assessment

✓ Purpose & Capability

The name/description (remote-controlled Chrome + noVNC + optional proxy) match the SKILL.md steps: installing Xvfb/x11vnc/noVNC, launching Chrome with remote debugging, and exposing noVNC bound to localhost for SSH tunneling. Required privileges (sudo/root) and apt (Debian/Ubuntu) are declared in the header and needed for the described operations.

ℹ Instruction Scope

Instructions stay within the stated purpose (install VM display, VNC, noVNC, launch Chrome, configure openclaw.json, optional proxy bridge). However some runtime commands expand the attack surface: launching x11vnc with -nopw (no password) even though bound to localhost, running websockify and services as background processes, and recommending Chrome with --no-sandbox. The optional Python proxy injects Proxy-Authorization into requests and runs a long-lived socket server — that component handles sensitive credentials and network traffic and is outside typical simple setup steps.

ℹ Install Mechanism

This is instruction-only (no install spec), which minimizes hidden installs. The SKILL.md downloads Google Chrome directly from dl.google.com (official). Still, the instructions write and execute packages on the VPS (apt/apt-get, wget + .deb), so the user is ultimately executing remote-sourced code — expected for this task, but it merits normal caution (verify package source/signature).

⚠ Credentials

The skill requests no environment variables or external credentials in the registry metadata, but the optional proxy step requires upstream host/port/username/password to be embedded into a one-liner Python server. That is sensitive and the SKILL.md does not advise secure secret handling (e.g., use environment variables, config files with restricted permissions, or a vetted PAC/proxy client). Also running Chrome with --no-sandbox increases risk of privilege escalation in case web content is malicious.

ℹ Persistence & Privilege

always:false and default autonomous invocation are appropriate. The skill requires root/sudo and asks to edit ~/.openclaw/openclaw.json — both are expected for configuring the agent. Still, the combination of running Chrome with --no-sandbox and backgrounding VNC/websockify services increases long-lived attack surface; consider running under a dedicated, limited user or container and ensure services remain bound to localhost and protected by firewall/SSH tunnel.

Version History

v1.0.0

Initial release: Easily set up a remotely controllable Chrome browser on a Linux VPS with noVNC visual access and optional authenticated proxy. - Provides detailed steps to install, run, and access Chrome via noVNC on Ubuntu/Debian VPS. - Enables simultaneous control by both agent (automation) and user (visual/interactive via browser). - Includes config for integration with OpenClaw agents. - Offers an optional local Python proxy bridge for authenticated HTTP proxies. - Security note: visual access and control ports are localhost-only; includes recommended firewall settings.

Metadata

Slug browser-vps-setup-skill

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Browser Vps Setup Skill?

Set up a remote-controlled Chrome browser on a Linux VPS with noVNC visual access (via SSH tunnel) and optional authenticated HTTP proxy. Use when the user w... It is an AI Agent Skill for Claude Code / OpenClaw, with 589 downloads so far.

How do I install Browser Vps Setup Skill?

Run "/install browser-vps-setup-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Browser Vps Setup Skill free?

Yes, Browser Vps Setup Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Browser Vps Setup Skill support?

Browser Vps Setup Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Browser Vps Setup Skill?

It is built and maintained by osipov-anton (@osipov-anton); the current version is v1.0.0.

More Skills

Browser Vps Setup Skill