Description

Anti-detect browser automation using Camoufox (Firefox-based). Use instead of Chrome/Playwright for bot-detection-heavy sites like X/Twitter, Naver, and other protected sites. Provides stealth browsing with OS/browser fingerprint spoofing, humanized mouse movements, and persistent sessions.

README (SKILL.md)

Camoufox

Name: Camoufox
Author: goodgoodjm

Use instead of OpenClaw's built-in browser tool for bot-detection sites.

Setup (one-time)

bash scripts/setup.sh

Usage

source ~/.openclaw/workspace/camoufox-env/bin/activate
xvfb-run -a --server-args="-screen 0 1920x1080x24" python3 your_script.py

Required Settings

from camoufox.sync_api import Camoufox

with Camoufox(
    headless=False,      # MUST be False (True gets detected)
    os='linux',          # MUST match server OS (stack traces leak real OS)
    humanize=True,
    persistent_context=True,
    user_data_dir='~/.openclaw/camoufox-profile'
) as browser:
    page = browser.new_page()
    # Use standard Playwright API from here

Paths

venv: ~/.openclaw/workspace/camoufox-env/
profile: ~/.openclaw/camoufox-profile/

CAPTCHA Handling

First visit to protected sites may need manual CAPTCHA:

DISPLAY=:1 python3 scripts/login_session.py https://site.com/login

Solve via VNC, session saves to profile for future automation.

Scripts

scripts/setup.sh - Install dependencies
scripts/browse.py \x3Curl> --screenshot out.png - Quick browse
scripts/login_session.py \x3Curl> - VNC manual login

Usage Guidance

Before installing: 1) Verify the 'camoufox' package source — look up its PyPI page and linked repository, confirm maintainers and recent activity; if no repo/homepage exists, treat the package as untrusted. 2) Review the package contents (e.g., pip download + inspect wheel) in an isolated environment before running setup.sh. 3) Be cautious about running setup.sh on a shared/production host — it may invoke sudo apt and will install and import third‑party code. 4) Expect persistent profiles to store cookies and session tokens; do not use with accounts holding sensitive data unless you trust and have audited the package. 5) If you decide to proceed, prefer running inside an isolated VM/container, pin the camoufox version, avoid providing real credentials during initial tests, and audit network activity during setup and runtime. 6) Also consider legal/ethical implications: tools explicitly designed to evade bot detection may violate service terms of use.

Capability Analysis

Type: OpenClaw Skill Name: camoufox Version: 1.0.0 The skill bundle is classified as suspicious due to the use of `sudo apt install` in `scripts/setup.sh`. While this is used for installing common system dependencies (`python3-venv`, `xvfb`) required for the skill's stated purpose of browser automation, the use of `sudo` grants elevated privileges and represents a high-risk capability without explicit malicious intent in this specific context. The rest of the skill, including the Python scripts and markdown instructions, appears benign and aligned with its purpose, with no evidence of prompt injection, data exfiltration, or other malicious activities.

Capability Assessment

ℹ Purpose & Capability

Name, description, and bundled scripts (browse.py, login_session.py, setup.sh) consistently implement an anti-detect Firefox-based automation workflow: creating a venv, installing a Python package named 'camoufox', running a browser with persistent profile and VNC/Xvfb support. However the skill metadata lacks a homepage or source repo for the camoufox package and the registry owner is opaque, which reduces transparency and raises concern about the origin of the code being installed.

⚠ Instruction Scope

SKILL.md instructs the user to run scripts/setup.sh which performs system installs and pip install without verification, and to use VNC for manual CAPTCHA/login flows. The runtime instructions explicitly persist session state and user profiles (~/.openclaw/camoufox-profile), which will store cookies/tokens and could contain credentials. While these behaviors are coherent with the stated goal (persistent sessions, manual login), they expand the attack surface (saved sessions + interactive VNC login) and enable credential capture if misused or if the installed package is malicious.

⚠ Install Mechanism

There is no packaged install spec; the provided setup.sh uses pip install camoufox (un-pinned, no hash) and may run sudo apt install for system deps. Installing an unverified PyPI package and running system package installs via sudo is moderate-to-high risk because the package origin/version are not pinned and install-time code can execute. There are no downloads from arbitrary URLs, but lack of a repository/homepage makes verifying the package contents difficult.

ℹ Credentials

The skill does not request cloud credentials or environment variables in metadata, which is appropriate. It does create and use local directories and a venv in the user's home by default, and accepts proxy strings (including credentials) at runtime. The main proportional concern is that persisted profiles will hold cookies/session tokens — appropriate for the feature but sensitive in practice.

ℹ Persistence & Privilege

The skill is not force-enabled (always:false) and uses default autonomous invocation. It writes only to user-scoped paths (~/.openclaw/workspace and ~/.openclaw/camoufox-profile) and creates a virtualenv. The setup script may call sudo to install system packages (apt/Xvfb), which requires elevated privileges at install time — expected for installing system-level deps but worth noting.

Version History

v1.0.0

Initial release of camoufox: stealthy browser automation for bot-protected sites. - Provides anti-detect automation using a Firefox-based browser with OS/browser fingerprint spoofing. - Enables human-like mouse movements and persistent sessions for enhanced stealth. - Designed for use in environments with heavy bot detection such as X/Twitter and Naver. - Includes setup scripts, persistent profile/session handling, and manual CAPTCHA resolution instructions.

Metadata

Slug camoufox

Version 1.0.0

License —

All-time Installs 11

Active Installs 9

Total Versions 1

Frequently Asked Questions

What is Camoufox?

Anti-detect browser automation using Camoufox (Firefox-based). Use instead of Chrome/Playwright for bot-detection-heavy sites like X/Twitter, Naver, and other protected sites. Provides stealth browsing with OS/browser fingerprint spoofing, humanized mouse movements, and persistent sessions. It is an AI Agent Skill for Claude Code / OpenClaw, with 2920 downloads so far.

How do I install Camoufox?

Run "/install camoufox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Camoufox free?

Yes, Camoufox is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Camoufox support?

Camoufox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Camoufox?

It is built and maintained by GoodGoodJM (@goodgoodjm); the current version is v1.0.0.

More Skills

Camoufox

Camoufox

Setup (one-time)

Usage

Required Settings

Paths

CAPTCHA Handling

Scripts

What is Camoufox?

How do I install Camoufox?

Is Camoufox free?

Which platforms does Camoufox support?

Who created Camoufox?

💬 Comments