
Camofox Browser

by sheffk78 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 145 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install camofox-browser
Description
Headless browser server enabling AI agents to create tabs, navigate, interact, and capture snapshots with element references locally or in the cloud.
README (SKILL.md)

camofox-browser Agent Guide

Headless browser automation server for AI agents. Run locally or deploy to any cloud provider.

Quick Start for Agents

# Install and start
npm install && npm start
# Server runs on http://localhost:9377

Core Workflow

  1. Create a tab → Get tabId
  2. Navigate → Go to URL or use search macro
  3. Get snapshot → Receive page content with element refs (e1, e2, etc.)
  4. Interact → Click/type using refs
  5. Repeat steps 3-4 as needed

API Reference

Create Tab

POST /tabs
{"userId": "agent1", "sessionKey": "task1", "url": "https://example.com"}

Returns: {"tabId": "abc123", "url": "...", "title": "..."}

Navigate

POST /tabs/:tabId/navigate
{"userId": "agent1", "url": "https://google.com"}
# Or use macro:
{"userId": "agent1", "macro": "@google_search", "query": "weather today"}

Get Snapshot

GET /tabs/:tabId/snapshot?userId=agent1

Returns accessibility tree with refs:

[heading] Example Domain
[paragraph] This domain is for use in examples.
[link e1] More information...

Click Element

POST /tabs/:tabId/click
{"userId": "agent1", "ref": "e1"}
# Or CSS selector:
{"userId": "agent1", "selector": "button.submit"}

Type Text

POST /tabs/:tabId/type
{"userId": "agent1", "ref": "e2", "text": "hello world"}
# Add enter: {"userId": "agent1", "ref": "e2", "text": "search query", "pressEnter": true}

Scroll

POST /tabs/:tabId/scroll
{"userId": "agent1", "direction": "down", "amount": 500}

Navigation

POST /tabs/:tabId/back     {"userId": "agent1"}
POST /tabs/:tabId/forward  {"userId": "agent1"}
POST /tabs/:tabId/refresh  {"userId": "agent1"}

Get Links

GET /tabs/:tabId/links?userId=agent1&limit=50

Close Tab

DELETE /tabs/:tabId?userId=agent1

Search Macros

Use these instead of constructing URLs:

  Macro               Site
  @google_search      Google
  @youtube_search     YouTube
  @amazon_search      Amazon
  @reddit_search      Reddit
  @wikipedia_search   Wikipedia
  @twitter_search     Twitter/X
  @yelp_search        Yelp
  @linkedin_search    LinkedIn

Element Refs

Refs like e1, e2 identify page elements and stay stable until the next navigation:

  1. Call /snapshot to get current refs
  2. Use ref in /click or /type
  3. Refs reset on navigation - get new snapshot after

Session Management

  • userId isolates cookies/storage between users
  • sessionKey groups tabs by conversation/task (legacy: listItemId also accepted)
  • Sessions timeout after 30 minutes of inactivity
  • Delete all user data: DELETE /sessions/:userId

Running Engines

Camoufox (Default)

npm start
# Or: ./run.sh

Firefox-based with anti-detection. Bypasses Google captcha.

Testing

npm test              # E2E tests
npm run test:live     # Live Google tests
npm run test:debug    # With server output

Docker

docker build -t camofox-browser .
docker run -p 9377:9377 camofox-browser

Key Files

  • server.js - Camoufox engine (routes + browser logic only — NO process.env or child_process)
  • lib/config.js - All process.env reads centralized here
  • lib/youtube.js - YouTube transcript extraction via yt-dlp (child_process isolated here)
  • lib/launcher.js - Subprocess spawning (child_process isolated here)
  • lib/cookies.js - Cookie file I/O
  • lib/metrics.js - Prometheus metrics (lazy-loaded, off by default — set PROMETHEUS_ENABLED=1)
  • lib/request-utils.js - HTTP request classification helpers (actionFromReq, classifyError)
  • lib/snapshot.js - Accessibility tree snapshot
  • lib/macros.js - Search macro URL expansion
  • Dockerfile - Production container

OpenClaw Scanner Isolation (CRITICAL)

OpenClaw's skill-scanner flags plugins that have process.env + network calls (e.g. app.post, fetch, http.request) in the same file, or child_process + network calls in the same file. These patterns suggest potential credential exfiltration.

Rule: No single .js file may contain both halves of a scanner rule pair:

  • process.env lives ONLY in lib/config.js
  • child_process / execFile / spawn live ONLY in lib/youtube.js and lib/launcher.js
  • server.js has the Express routes (app.post, app.get) but ZERO process.env reads and ZERO child_process imports
  • lib/metrics.js has NO process.env and NO HTTP method strings (POST, fetch). Prometheus is lazy-loaded only when PROMETHEUS_ENABLED=1.
  • lib/request-utils.js has HTTP method strings (POST) but NO process.env — safe.
  • When adding new features that need env vars or subprocesses, put that code in a lib/ module and import the result into server.js

Scanner rule details (from src/security/skill-scanner.ts):

  • env-harvesting (CRITICAL): fires when /process\.env/ AND /\bfetch\b|\bpost\b|http\.request/i match the SAME file. Note: the regex is case-insensitive, so string literals like 'POST' and even comments containing process.env will trigger it.
  • dangerous-exec (CRITICAL): child_process import + exec/spawn call in same file
  • potential-exfiltration (WARN): readFile + fetch/post/http.request in same file

This was broken in 1.3.0 (YouTube child_process in server.js), fixed in 1.3.1. Broken again in 1.4.1 (metrics.js had process.env in a comment + 'POST' in actionFromReq), fixed in 1.5.1 by lazy-loading prom-client and splitting actionFromReq into lib/request-utils.js.
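
The per-file co-occurrence rule described above, applied to constructed file contents, next to a package-level variant that still reports the pair after the code is split across modules. This is an added example, not OpenClaw's scanner source: the two regexes are the ones quoted above, while the function names, sample files and the package-level check are assumptions.

```javascript
// Added example (not OpenClaw's scanner source). The two regexes are the ones
// quoted in the rule details; file names and contents are constructed samples.
const ENV_RE = /process\.env/;
const NET_RE = /\bfetch\b|\bpost\b|http\.request/i;

// Per-file rule as described: both halves must match the SAME file.
function envHarvestingPerFile(files) {
  return Object.entries(files)
    .filter(([, src]) => ENV_RE.test(src) && NET_RE.test(src))
    .map(([name]) => name);
}

// Assumption: a package-level variant that reports when the two halves occur
// anywhere in the bundle and lists which file holds which half for review.
function envHarvestingPerPackage(files) {
  const envFiles = [];
  const netFiles = [];
  for (const [name, src] of Object.entries(files)) {
    if (ENV_RE.test(src)) envFiles.push(name);
    if (NET_RE.test(src)) netFiles.push(name);
  }
  return { fired: envFiles.length > 0 && netFiles.length > 0, envFiles, netFiles };
}

// Constructed sample: a comment mentioning process.env plus a 'POST' literal,
// the combination the changelog above says tripped the rule.
const before = {
  'lib/metrics.js':
    "// port comes from process.env via config\n" +
    "function actionFromReq(req) { return req.method === 'POST' ? 'write' : 'read'; }\n",
};

// Constructed sample: the same logic split so no single file holds both halves.
const after = {
  'lib/config.js': "module.exports = { port: process.env.CAMOFOX_PORT };\n",
  'lib/request-utils.js':
    "function actionFromReq(req) { return req.method === 'POST' ? 'write' : 'read'; }\n",
  'server.js': "const { port } = require('./lib/config');\napp.post('/tabs', handler);\n",
};
```

The per-file result changes between the two layouts while the data flow from environment to network code does not, which is why the package-level view is the one to hand to a human reviewer.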

Usage Guidance
This package appears to be a real headless-browser server, but there are a few non-trivial security considerations you should check before installing or running it in your OpenClaw agent environment:

  • Inspect plugin.ts / the OpenClaw integration entrypoint to confirm how the server subprocess is launched. Specifically ensure it does NOT forward the entire host process.env into the server child process. A safe launcher should build an explicit whitelist of only the environment variables the server truly needs (CAMOFOX_PORT, CAMOFOX_COOKIES_DIR, etc.) and exclude unrelated host secrets.
  • Treat CAMOFOX_API_KEY, proxy credentials (PROXY_USERNAME/PROXY_PASSWORD), and cloud tokens (FLY_API_TOKEN, etc.) as sensitive. If you enable cookie import or proxy features, set these in isolated container/VM secrets (not in a general shell profile) and prefer starting the server manually in that environment rather than letting the plugin spawn it inside a host process that has many other secrets.
  • The cookie-import flow reads local Netscape-format files and posts cookie data to the server. The code enforces an allowlist directory and file-size limits, which is good — still, only place cookie files you trust into the configured cookies directory.
  • The project downloads/uses external browser binaries (Camoufox) and optionally yt-dlp; verify the download sources (URLs) before running, and prefer sandboxed execution (separate VM or container) for initial evaluation.
  • If you do not fully trust the source, run the server in an isolated environment (container/VM) with minimal environment variables set, do not set global CAMOFOX_API_KEY on your workstation, and review plugin launch behavior carefully.

If you want, provide the plugin author or repo URL so you can audit plugin.ts and server.js specifically — the assessment would be higher-confidence if those files are reviewed in full.
Capability Analysis
Type: OpenClaw Skill
Name: camofox-browser
Version: 1.0.0

The camofox-browser bundle is a legitimate and well-architected browser automation server designed for AI agents. It provides high-risk but functional capabilities such as arbitrary JavaScript evaluation (camofox_evaluate), cookie injection for authenticated sessions, and subprocess execution for YouTube transcript extraction (via yt-dlp in lib/youtube.js). These features are aligned with the stated purpose of bypassing bot detection and are protected by security measures including API/Admin key requirements and environment variable whitelisting. The documentation (SKILL.md) explicitly discusses 'Scanner Isolation' techniques to avoid false positives in security scanners by separating sensitive operations (like reading env vars) from network calls, which is implemented cleanly across the codebase (e.g., lib/config.js).
Capability Tags
crypto · requires-oauth-token · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The files and APIs match the stated purpose: a headless-browser REST server with snapshotting, element refs, cookie import, downloads, proxy support, and optional yt-dlp integration. Modules (cookies, proxy, downloads, snapshot, macros) are coherent with the description.
Instruction Scope
SKILL.md instructs agents to read local cookie files and POST them to the server (cookie import). The implementation includes path traversal checks and file-size limits, which mitigates some risk, but the overall flow still requires an API key and allows reading local cookie files (sensitive). The README/SKILL.md also documents many env vars (API key, proxy creds, Fly tokens) that the server will read and use; if those are exposed to the plugin process or forwarded to subprocesses, secrets could be leaked. The guide's claim that server.js contains no process.env / child_process seems intended to satisfy scanners, but the codebase does spawn subprocesses (launcher.js, youtube.js) and centralizes env reads in lib/config.js — you'll want to inspect exactly how plugin.ts / openclaw integration launches the server at runtime.
Install Mechanism
This is instruction-only in the registry (no install spec), which reduces automatic install risk. The README references downloading a large Camoufox binary (~300MB) and a Docker build that expects pre-fetched binaries — those downloads are external and should be verified (source URLs not included in the registry metadata). No packaged install script in the skill was provided.
Credentials
The centralized config (lib/config.js) reads many environment variables (CAMOFOX_API_KEY, CAMOFOX_ADMIN_KEY, PROXY_USERNAME/PASSWORD, FLY_API_TOKEN, etc.). lib/config.js exposes a serverEnv object containing these values. launcher.js spawns a subprocess and spreads a provided env object into the child (env: { ...env, CAMOFOX_PORT: String(port) }), which means if the plugin or launcher is given the full host process.env, secrets could be forwarded to the server subprocess. These environment variables are functionally relevant to proxying, cookie import, and cloud deploy, but the skill metadata lists no required envs — so the skill expects sensitive secrets if you enable features. Ensure the plugin uses an explicit whitelist and does not pass the entire host environment.
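
The launcher pattern quoted above and the explicit allowlist that both this section and the Usage Guidance ask for, side by side. This is an added example, not the project's launcher.js: ALLOWED_ENV, the function names and the sample environment are assumptions (PATH and HOME are included only as typical needs of a child process).

```javascript
// Added example, not the project's launcher code. Only CAMOFOX_PORT and
// CAMOFOX_COOKIES_DIR come from the page; PATH and HOME are assumptions.
const ALLOWED_ENV = ['PATH', 'HOME', 'CAMOFOX_PORT', 'CAMOFOX_COOKIES_DIR'];

// Pattern described in the assessment: whatever env object is passed in is
// spread into the child, so passing process.env forwards every host secret.
function spreadEnv(env, port) {
  return { ...env, CAMOFOX_PORT: String(port) };
}

// Hardened form: copy only allowlisted keys. Secrets the server needs for an
// enabled feature must be named explicitly by the caller in extraAllowed.
function buildChildEnv(hostEnv, port, extraAllowed = []) {
  const out = {};
  for (const key of [...ALLOWED_ENV, ...extraAllowed]) {
    if (typeof hostEnv[key] === 'string') out[key] = hostEnv[key];
  }
  out.CAMOFOX_PORT = String(port);
  return out;
}

// Constructed host environment with placeholder secrets.
const sampleHostEnv = {
  PATH: '/usr/bin:/bin',
  HOME: '/home/agent',
  CAMOFOX_COOKIES_DIR: '/home/agent/cookies',
  CAMOFOX_API_KEY: 'placeholder-api-key',
  FLY_API_TOKEN: 'placeholder-fly-token',
  UNRELATED_DB_PASSWORD: 'placeholder-unrelated-secret',
};

// Audit helper: names in a child env that look like credentials.
function leakedKeys(childEnv) {
  return Object.keys(childEnv)
    .filter((k) => /KEY|TOKEN|PASSWORD|SECRET/.test(k))
    .sort();
}

// Usage with Node's child_process (not executed here):
//   spawn(process.execPath, ['server.js'], { env: buildChildEnv(process.env, 9377) });
```

Passing `['CAMOFOX_API_KEY']` as `extraAllowed` forwards that one key and nothing else, which keeps the set of secrets visible to the server subprocess reviewable in one place.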
Persistence & Privilege
always is false. The skill is user-invocable and allows autonomous model invocation (default), which is normal for skills. The ability to spawn and manage a long-running local server subprocess increases blast radius if the plugin is invoked autonomously and is given broad env access — consider restricting agent autonomy or running the server in an isolated environment if you plan to give it sensitive envs or proxy credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install camofox-browser
  3. After installation, invoke the skill by name or use /camofox-browser
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of camofox-browser: headless browser automation server for AI agents.
  • Implements REST API for browser tab creation, navigation, element interaction, and session management.
  • Supports search macros for Google, YouTube, Amazon, and other major sites.
  • Provides stable element references, user/session isolation, and robust session timeout/deletion.
  • Engineered for secure deployment: codebase structured to avoid credential exfiltration risks flagged by OpenClaw scanner.
  • Includes Docker support, E2E testing, and modular file organization for process/env and subprocess handling.
Metadata
Slug camofox-browser
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Camofox Browser?

Headless browser server enabling AI agents to create tabs, navigate, interact, and capture snapshots with element references locally or in the cloud. It is an AI Agent Skill for Claude Code / OpenClaw, with 145 downloads so far.

How do I install Camofox Browser?

Run "/install camofox-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Camofox Browser free?

Yes, Camofox Browser is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Camofox Browser support?

Camofox Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Camofox Browser?

It is built and maintained by sheffk78 (@sheffk78); the current version is v1.0.0.
