← Back to Skills Marketplace
easonc13

Anemone Browser

by Eason Chen · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
421
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install anemone-browser
Description
Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)...
README (SKILL.md)

Anemone Browser — Managed Browser for OpenClaw Agents

Headful Chrome with anti-detection, VNC takeover, and multi-session isolation. Works on Mac, Linux, Docker — anywhere OpenClaw runs.

Setup

macOS

bash scripts/setup-mac.sh

Detects Chrome, configures OpenClaw browser profile. After setup:

openclaw browser start
# Agent's browser tool works automatically

Note: macOS setup does NOT include VNC/noVNC. The user is expected to access the Mac via their own remote desktop solution (e.g. macOS Screen Sharing, Tailscale, or physical access). VNC takeover with noVNC links is only available on Linux.

Linux / Docker

# Install deps (once)
bash scripts/setup.sh

# Start browser + VNC environment
bash scripts/start.sh [password] [novnc_port] [cdp_port] [resolution]

start.sh outputs the noVNC URL, password, and CDP port. Safe to re-run.

OpenClaw Config

Setup scripts configure this automatically. Manual reference:

macOS:

{
  "browser": {
    "enabled": true,
    "defaultProfile": "openclaw",
    "headless": false,
    "executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
  }
}

Linux:

{
  "browser": {
    "enabled": true,
    "headless": false,
    "noSandbox": true,
    "executablePath": "/usr/bin/google-chrome-stable"
  }
}

Multi-Session Window Isolation

Multiple sessions share one Chrome (same cookies/logins) but each gets its own window.

Rules (MUST follow):

  1. On session start — open your own tab, save the targetId:

    browser action=open targetUrl="https://example.com" profile=openclaw
# Returns targetId — THIS IS YOURS, save it

  2. ALL subsequent calls — always include your targetId:

    browser action=snapshot profile=openclaw targetId="\x3Cyour-targetId>"
browser action=navigate profile=openclaw targetId="\x3Cyour-targetId>" targetUrl="..."
browser action=act profile=openclaw targetId="\x3Cyour-targetId>" ...

  3. On session end — close your tab:

    browser action=close targetId="\x3Cyour-targetId>"

  4. NEVER operate without targetId — you'll land on another session's tab.

  5. NEVER pick another session's tab from browser action=tabs.

Opening a new window (not tab) via CDP:

import json, asyncio, websockets, urllib.request

async def open_new_window(cdp_port, url):
    version = json.loads(urllib.request.urlopen(f"http://127.0.0.1:{cdp_port}/json/version").read())
    async with websockets.connect(version["webSocketDebuggerUrl"]) as ws:
        await ws.send(json.dumps({
            "id": 1, "method": "Target.createTarget",
            "params": {"url": url, "newWindow": True}
        }))
        resp = json.loads(await ws.recv())
        return resp["result"]["targetId"]

Architecture:

Chrome (one instance, one profile, shared cookies)
├── Window targetId=AAA → Session A
├── Window targetId=BBB → Session B
└── Window targetId=CCC → Session C

VNC Takeover (CRITICAL)

When hitting a CAPTCHA, login wall, or any blocker, send the user a noVNC link:

https://\x3CIP>:\x3CNOVNC_PORT>/vnc.html?password=\x3CPASSWORD>&autoconnect=true&resize=scale

Constructing the link:

Linux/Docker (from start.sh output):

https://57.129.90.145:10150/vnc.html?password=e0GGP4xeMUL5ga&autoconnect=true&resize=scale
  • IP: server's public or Tailscale IP
  • Port + password: from start.sh output

macOS: VNC takeover is NOT available. The user must access the Mac directly (physical access, macOS Screen Sharing, or their own remote desktop solution).

Takeover flow:

  1. Agent detects blocker (CAPTCHA, login, 2FA)
  2. Agent sends noVNC link to user
  3. User opens link → sees Chrome → solves the problem
  4. User confirms done → agent continues

Anti-Detection

  • Headful Chrome — no HeadlessChrome in UA
  • --disable-blink-features=AutomationControlled — no navigator.webdriver=true
  • UA override via CDP if needed: 
    {"method": "Network.setUserAgentOverride", "params": {
  "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36"
}}

Security

  • SSL/TLS on noVNC (self-signed cert)
  • Random 14-char password (Linux) or system auth (macOS)
  • CDP: localhost only, never exposed to network
  • Chrome Policy: file://, javascript:, data:text/html blocked; extensions blocked; DevTools disabled

Important: No Kiosk Mode

Do NOT use Chrome's --kiosk flag. It hides the tab bar and address bar, making multi-window unusable via VNC. Use --start-maximized instead.

Usage Guidance
This package is internally consistent with its stated goal, but it performs system-level installs and exposes an interactive VNC endpoint — proceed carefully. Recommended steps before installing: (1) Review the start.sh and setup.sh contents (they are included) and run them in an isolated environment (container or VM) first; (2) Do not publish the noVNC port to the public internet without a firewall and additional access control; websockify/noVNC will present the VNC session over HTTPS with a self-signed cert and the generated password — rotate/change the password and consider using a VPN/Tailscale or SSH tunnel to restrict access; (3) Be aware the scripts write /etc/opt/chrome/policies/managed (system Chrome policy) and create files under /root — expect system-wide effects; (4) If using Docker, avoid publishing the CDP port (9222) or web ports to public hosts unless intended; CDP is bound to 127.0.0.1 by the script but misconfigured host port mappings could expose it; (5) Treat any example IPs/passwords in the docs as illustrative — verify the actual runtime outputs before sharing links. If you need stronger assurance, run the setup in an ephemeral VM, audit network exposure, and confirm the service does not leak data to unexpected external endpoints.
Capability Analysis
Type: OpenClaw Skill Name: anemone-browser Version: 1.1.0 The skill provides a managed Chrome browser with VNC remote access and anti-detection features. It is classified as suspicious primarily due to the use of the `--no-sandbox` flag when launching Chrome in `scripts/start.sh`, which is a known security vulnerability that disables a critical browser security layer. Additionally, while a core feature, the VNC remote access (exposed via `websockify` in `scripts/start.sh` and instructed for agent use in `SKILL.md`) presents a high-risk capability, even with self-signed SSL and random passwords. There is no evidence of intentional malicious behavior like data exfiltration, unauthorized persistence, or covert remote execution; rather, the skill implements several security hardening measures such as binding CDP to localhost and applying Chrome policies to block `file://` access and disable DevTools.
Capability Assessment
Purpose & Capability
Name/description (managed headful Chrome with VNC and anti-detection) match the included scripts and README. The package contains setup and start scripts that install and run Chrome, Xvfb, x11vnc, noVNC/websockify, and configure Chrome policies — all expected for this goal. There are no unrelated environment variables or external API keys requested.
Instruction Scope
SKILL.md instructs the agent/user to run the provided setup/start scripts and to send a noVNC link to a human when a CAPTCHA appears. This is within scope, but the doc includes a concrete example public IP and password in one place (likely illustrative) — users should not treat example credentials/addresses as a live endpoint. The instructions explicitly require running system-level installers and services and printing the VNC password to stdout, which is functionally required for the human-in-the-loop flow but worth being aware of.
Install Mechanism
There is no platform 'install' manifest, but the included scripts perform apt-get installs and fetch Google Chrome from Google's official dl.google.com URL (expected). The start script writes a Chrome policy to /etc/opt/chrome/policies/managed (system-wide change), generates a self-signed cert under /root/.vnc, copies a start script into /root, and runs services (Xvfb, x11vnc, websockify). These are coherent with purpose but are high-impact system changes (require root).
Credentials
The skill requests no environment variables or external credentials. It does, however, generate and store a VNC password locally (/root/.vnc/passwd) and prints the password/URL for user access — necessary for the human takeover feature. The scripts require elevated privileges to install packages and write system Chrome policies; that privilege requirement is proportionate to what the scripts do but should be accepted consciously by the operator.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The skill modifies system-level Chrome policy files and writes files under /root (persistent artifacts), which is expected for altering Chrome behavior but is a persistent, system-wide change that could affect other Chrome users on the host. The skill does not request to modify other skills or agent-wide config beyond the OpenClaw browser config (macOS CLI config changes are explicit in setup-mac.sh).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install anemone-browser
  3. After installation, invoke the skill by name or use /anemone-browser
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Rebrand to Anemone Browser for better discoverability
Metadata
Slug anemone-browser
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Anemone Browser?

Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)... It is an AI Agent Skill for Claude Code / OpenClaw, with 421 downloads so far.

How do I install Anemone Browser?

Run "/install anemone-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Anemone Browser free?

Yes, Anemone Browser is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Anemone Browser support?

Anemone Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Anemone Browser?

It is built and maintained by Eason Chen (@easonc13); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments