← Back to Skills Marketplace
Jarvis Browser Setup
by
evernation
· GitHub ↗
· v1.0.1
· MIT-0
187
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install jarvis-browser-setup
Description
Setup Jarvis Browser Control System for new users. Generates unique WebSocket auth token, configures server, and prepares extension files. Use when user want...
README (SKILL.md)
Jarvis Browser Setup
Setup Jarvis Browser Control System v3.5 for new users with fully automated token generation.
When to Use
Use this skill when:
- User wants to share browser control with someone else
- Setting up a new instance for another user
- Need to generate new unique auth token
- Preparing distributable package
Key Feature: FULLY AUTOMATED 🎯
The user just says:
"Setup Jarvis Browser for me"
And OpenClaw automatically:
- 🔑 Generates unique auth token
- 📦 Creates server config
- 🚀 Starts WebSocket server
- ⚙️ Prepares extension files
- ✅ Provides ready-to-use setup
No manual steps required!
For OpenClaw Users (Recommended)
# Install skill
clawhub install jarvis-browser-setup
# Then just say:
"Setup Jarvis Browser for me"
# OpenClaw does everything automatically!
For Manual Setup
python3 ~/.openclaw/workspace/skills/jarvis-browser-setup/scripts/setup.py
Output
config.json- Token & IP configurationserver/- Python WebSocket server (auto-started)extension/- Pre-configured Chrome extensionREADME.md- Setup instructions
Token Format
- 48 random characters (cryptographically secure)
- Example:
XsJ3N-mAtusZ+WSPr0Ca!ExnVdQ8UuGd8J9PCwo9l8bmX3ACylw6Nv - Unique per user
Security
- Each user gets unique token
- Token never shared between users
- Server validates token on every connection
Requirements
- Python 3.8+
- Chrome/Edge browser
- Port 8765 available
Usage Guidance
This skill is not obviously malicious, but it has inconsistencies and risky assumptions you should understand before running it. Things to check/do before installing or executing:
- Do not assume the WebSocket server will be started automatically: SKILL.md claims auto-start, but scripts only prepare files and print instructions—you must manually inspect and start the server. Look for and review the actual server file (e.g., server/jarvis_server_v3.5_fixed.py) before running it.
- Verify token handling: the script generates a token but does not explicitly inject it into the extension in a robust way. After running, inspect extension/config.js and server config to ensure the token is present only where intended and not accidentally exposed.
- Confirm the template path: the script copies files from /home/openclaw/.openclaw/workspace/jarvis-browser-v3.3-hybrid. If that path exists on your system it will be read/copied — ensure those files are safe and don’t contain secrets. If the path does not exist the script will print a warning and do less than the README promises.
- Run in an isolated/sandbox environment first (VM or container) and review all generated files (config.json, server/*, extension/*) before exposing any machine or network port publicly.
- Be cautious with the generated token: treat it as a secret. Do not share the output folder publicly. If you decide to use this, rotate tokens and restrict network access to the server (firewall, bind to localhost or trusted interface).
If you need higher assurance, ask the publisher for the server code (jarvis_server_v3.5_fixed.py) and the extension source so you can audit how authentication is validated and whether any telemetry or external endpoints exist. If you cannot verify those, mark this skill as untrusted and avoid running it on production machines.
Capability Analysis
Type: OpenClaw Skill
Name: jarvis-browser-setup
Version: 1.0.1
The skill automates the deployment of a remote browser control system, including a WebSocket server and a Chrome extension. While the script (`scripts/setup.py`) performs legitimate configuration tasks like secure token generation, the capability it enables is high-risk as it allows full remote manipulation of a user's browser. The script relies on templates from a hardcoded local path (`/home/openclaw/.openclaw/workspace/jarvis-browser-v3.3-hybrid`) not included in the bundle, and the `SKILL.md` instructions use persuasive language to encourage the AI agent to execute the setup autonomously, which could lead to unintended remote access if triggered via prompt injection.
Capability Assessment
Purpose & Capability
Name/description claim: create token, configure server, prepare extension and auto-start server. The provided script generates a token and prepares files, which matches, but it does NOT start the WebSocket server nor robustly inject the token into the extension. It also relies on a hard-coded template directory (/home/openclaw/.openclaw/workspace/jarvis-browser-v3.3-hybrid) outside the skill's own workspace — an assumption that may access unrelated files. These mismatches between claim and actual behavior are unexplained.
Instruction Scope
SKILL.md promises a fully-automated end-to-end setup (including starting the WebSocket server). The runtime script only creates an output folder, copies templates (if present), updates a single hard-coded ws URL string in extension/config.js, and writes config.json/README. It does not daemonize or launch the server, nor does it reliably place the token into extension files. The script reads/writes files in absolute paths under the OpenClaw workspace and will fallback to a hard-coded IP, which is broader file-system and network access than the SKILL.md makes clear.
Install Mechanism
No install spec — instruction-only skill with a bundled Python script. No remote downloads, package installs, or extracted archives. This is lower risk from an install-mechanism perspective.
Credentials
The skill requires no environment variables or external credentials, which is proportional. However, the script reads from an absolute template path in the user's OpenClaw workspace; that could expose or copy unrelated files if the template path is present. It also reaches out to 8.8.8.8 (UDP) to determine the host IP—an innocuous network probe but worth noting.
Persistence & Privilege
always:false and no special privileges requested. The script writes files into the current working dir (creates an output package) and copies from a workspace folder; it does not modify other skills' configurations or claim permanent presence. Still, copying from another workspace path could touch other skills' artifacts.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install jarvis-browser-setup - After installation, invoke the skill by name or use
/jarvis-browser-setup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Updated: Now fully automated - OpenClaw handles complete setup automatically. User just needs to say 'Setup Jarvis Browser' and everything is configured automatically.
v1.0.0
Initial release - Automated token generation for Jarvis Browser Control v3.5
Metadata
Frequently Asked Questions
What is Jarvis Browser Setup?
Setup Jarvis Browser Control System for new users. Generates unique WebSocket auth token, configures server, and prepares extension files. Use when user want... It is an AI Agent Skill for Claude Code / OpenClaw, with 187 downloads so far.
How do I install Jarvis Browser Setup?
Run "/install jarvis-browser-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Jarvis Browser Setup free?
Yes, Jarvis Browser Setup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Jarvis Browser Setup support?
Jarvis Browser Setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Jarvis Browser Setup?
It is built and maintained by evernation (@evernation); the current version is v1.0.1.
More Skills