← Back to Skills Marketplace
Claw Relay — Browser Access for AI Agents
by
acolombiadev
· GitHub ↗
· v1.0.0
· MIT-0
252
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install claw-relay-browser
Description
Control a remote browser through Claw Relay using the CLI client. Use when you need to navigate authenticated websites, click buttons, fill forms, take scree...
README (SKILL.md)
Claw Relay — OpenClaw CLI Client
If your platform supports MCP (Copilot CLI, Claude Desktop, Gemini CLI), use
skills/browser/SKILL.mdinstead. This skill is for OpenClaw, nanobot, ZeroClaw, and other agents that call tools viaexec.
⚠️ IMPORTANT: No MCP Required
Do NOT write an MCP server, bridge, or wrapper. You already have everything you need:
- The
exectool (built into OpenClaw) - The
relay-client.cjsscript (in this folder)
That's it. One exec call per browser action. No MCP, no bridge, no custom server.
Setup
Set environment variables (or pass as flags):
export CLAW_RELAY_URL="wss://relay.clawrelay.dev/"
export CLAW_RELAY_TOKEN="your-token"
export CLAW_RELAY_AGENT="your-agent-id"
The client script is at skills/openclaw/relay-client.cjs in the claw-relay repo.
Usage
node relay-client.cjs [--url URL] [--token TOKEN] [--agent-id ID] ACTION [ARGS...]
Flags override env vars. Every invocation connects, authenticates, performs ONE action, prints JSON, and exits.
Actions
| Action | Args | Description |
|---|---|---|
navigate |
\x3Curl> |
Navigate to URL |
snapshot |
— | Get accessibility tree with element refs |
screenshot |
[filepath] |
Take screenshot; saves to filepath if given |
click |
\x3Cref> |
Click element by ref |
fill |
\x3Cref> \x3Ctext> |
Replace input content with text |
type |
\x3Cref> \x3Ctext> |
Append text to input |
press |
\x3Ckey> |
Press keyboard key (Enter, Tab, Escape, etc.) |
hover |
\x3Cref> |
Hover over element |
select |
\x3Cref> \x3Cvalues...> |
Select dropdown option(s) |
evaluate |
\x3Cjs> |
Run JavaScript in the page |
close |
— | Close the browser tab |
Workflow
navigate → snapshot → find ref → act → snapshot → verify
- Navigate to the target URL
- Snapshot to read the page and get element refs (e.g.
e3,e7) - Act — click, fill, type, press using refs from the snapshot
- Verify — snapshot again to confirm the page changed
Example: Search GitHub
# Step 1: Navigate
node relay-client.cjs navigate https://github.com
# Step 2: Snapshot to find the search input ref
node relay-client.cjs snapshot
# Step 3: Fill the search box (say ref is e3)
node relay-client.cjs fill e3 claw-relay
# Step 4: Press Enter
node relay-client.cjs press Enter
# Step 5: Snapshot to read results
node relay-client.cjs snapshot
Example: Click a Button
# Find the button
node relay-client.cjs snapshot
# Output shows button at ref e7
# Click it
node relay-client.cjs click e7
# Verify
node relay-client.cjs snapshot
Example: Take a Screenshot
node relay-client.cjs screenshot /tmp/page.png
# Output: {"ok":true,"path":"/tmp/page.png","bytes":...}
Example: Run JavaScript
node relay-client.cjs evaluate "document.title"
OpenClaw exec Integration
Use the exec tool directly. Each call connects, authenticates, performs one action, and exits:
exec: node /path/to/relay-client.cjs snapshot
exec: node /path/to/relay-client.cjs navigate https://github.com
exec: node /path/to/relay-client.cjs click e3
Set CLAW_RELAY_URL, CLAW_RELAY_TOKEN, and CLAW_RELAY_AGENT in your environment or pass them as flags each time.
Do NOT try to keep a persistent connection, start a background process, or write wrapper scripts. The CLI handles connection lifecycle automatically.
Security Constraints
- Allowlist — your agent can only access sites explicitly allowed in its config
- Blocklist — banking, email, and auth providers are always blocked regardless of allowlist
- Rate limiting — actions are rate-limited per agent
- Audit log — every action is logged with agent ID, action, target, and result
Troubleshooting
"Invalid token or agent_id"
- Agent ID is case-sensitive. Check
config.yamlfor exact casing (e.g.,Rusty≠rusty) - Make sure the token matches exactly — no extra spaces or line breaks
- The relay must be restarted after editing
config.yaml
"Agent lacks scope for 'navigate'"
- Your agent's
scopesinconfig.yamldon't include the action you're trying to use - Common scopes:
read(snapshot/screenshot),navigate,interact(click/fill/type),execute(evaluate) - Ask the relay admin to update your scopes
Script errors
- "require is not defined" — the script must be
.cjs, not.js(the repo uses ES modules) - "Cannot find module 'ws'" — run
npm installin therelay-server/directory first
Common mistakes
- ❌ Writing an MCP server or bridge — you don't need one
- ❌ Keeping a persistent connection — each call is stateless
- ❌ Wrapping the CLI in another script — just call it directly via
exec
What Makes This Different
Local browser tools require agent and browser on the same machine. Claw Relay doesn't. Your agent runs anywhere and controls the user's real browser remotely — real cookies, real sessions, real logins. No headless browser, no fake profiles.
Usage Guidance
Key things to consider before installing or enabling this skill:
- Credentials and scope: The SKILL.md requires a CLAW_RELAY_TOKEN/URL/AGENT but the registry metadata lists none — ask the publisher to declare required env vars and describe token scope and expiry. Treat any token as highly sensitive because it grants control over a real user's browser and sessions.
- Arbitrary JS: The 'evaluate' action runs arbitrary JavaScript in the user's real browser and can read cookies/page content; only enable this skill for trusted agents and ensure strong allowlisting/auditing on the relay side.
- Dependency/install gaps: The client needs the 'ws' Node module but no install spec is provided. Request a clear install step or package.json so dependencies are explicit.
- Verify endpoints: Confirm the relay URL is legitimate (don't blindly use the example wss://relay.clawrelay.dev/). The script defaults to ws://localhost:9333 — confirm which endpoint you intend to use.
- Audit and least privilege: Use tokens scoped to the minimum actions needed, enable audit logging on the relay, and prefer time-limited tokens. Test in an isolated environment before granting access to real user sessions.
- Packaging fixes: Ask the author to correct path references, add required env var declarations to registry metadata, include dependency manifest (package.json), and provide a homepage or source repo so you can verify the server-side implementation.
Given the mismatches and the sensitive nature of remote-browser control, treat this skill as suspicious until those questions are resolved.
Capability Analysis
Type: OpenClaw Skill
Name: claw-relay-browser
Version: 1.0.0
The skill provides a CLI client (`relay-client.cjs`) for remote browser automation with high-risk capabilities, including arbitrary JavaScript execution in the browser (`evaluate`) and local file writing (`screenshot`). While these features are consistent with the stated purpose, the script lacks path sanitization when saving screenshots, which could allow an agent to overwrite sensitive local files if manipulated. Additionally, the `SKILL.md` contains explicit steering instructions to bypass standard MCP protocols in favor of direct `exec` calls, increasing the potential impact of any prompt-injection attacks against the agent.
Capability Assessment
Purpose & Capability
The skill's stated purpose (control a remote browser via a CLI client) matches the included script and actions (navigate, snapshot, click, evaluate, screenshot). However the registry metadata lists no required environment variables or primary credential while the SKILL.md explicitly requires CLAW_RELAY_URL, CLAW_RELAY_TOKEN, and CLAW_RELAY_AGENT — a clear mismatch. The script also has a different default URL (ws://localhost:9333) than the SKILL.md examples (wss://relay.clawrelay.dev/), and the SKILL.md references the script path 'skills/openclaw/relay-client.cjs' even though relay-client.cjs is provided at the package root. These inconsistencies suggest sloppy packaging or incomplete metadata.
Instruction Scope
The runtime instructions tell agents to run the included node script via exec and to supply a token/agent id; that's consistent with the goal. But the skill explicitly supports an 'evaluate' action that runs arbitrary JavaScript in the user's real browser and snapshot actions that expose DOM/accessibility trees — behaviors that can access sensitive data (cookies, page content, forms). The SKILL.md does not limit or audit what evaluate may run, and it instructs storing screenshots to disk (fs usage in code). These are expected for a remote-browser tool but materially increase risk and should be justified, scoped, and documented in metadata.
Install Mechanism
This is instruction-only with an included JS client and no formal install spec. The script requires the 'ws' npm module (const WebSocket = require('ws')) but there's no declared dependency or installation step. SKILL.md mentions running 'npm install' in a 'relay-server/' directory which is confusing (the client requires 'ws', not necessarily the server). Missing a clear install step for node dependencies is a packaging omission that could break runtime assumptions or hide needed setup commands.
Credentials
The SKILL.md requires CLAW_RELAY_TOKEN, CLAW_RELAY_URL, and CLAW_RELAY_AGENT (sensitive credentials granting control of a user's real browser), but the registry metadata declares none. Requesting a token that can control browser actions (including arbitrary JS execution) is proportionate to the stated capability only if declared, narrowly scoped, and audited — none of which is present in the registry. The absence of declared required env vars is an important coherence/privacy omission.
Persistence & Privilege
The skill does not request persistent installation or 'always: true'. Autonomous model invocation is allowed (platform default), meaning an agent could invoke the skill without an extra gate; combined with the ability to run arbitrary JS on a real browser and the missing metadata, that increases the potential blast radius. The skill itself instructs not to keep persistent connections, but the agent-level invocation policy is not controlled here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install claw-relay-browser - After installation, invoke the skill by name or use
/claw-relay-browser - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Gives AI agents controlled access to a real browser with token auth, scoped permissions, site allowlists, and audit logging.
Metadata
Frequently Asked Questions
What is Claw Relay — Browser Access for AI Agents?
Control a remote browser through Claw Relay using the CLI client. Use when you need to navigate authenticated websites, click buttons, fill forms, take scree... It is an AI Agent Skill for Claude Code / OpenClaw, with 252 downloads so far.
How do I install Claw Relay — Browser Access for AI Agents?
Run "/install claw-relay-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Claw Relay — Browser Access for AI Agents free?
Yes, Claw Relay — Browser Access for AI Agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Claw Relay — Browser Access for AI Agents support?
Claw Relay — Browser Access for AI Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Claw Relay — Browser Access for AI Agents?
It is built and maintained by acolombiadev (@andreagriffiths11); the current version is v1.0.0.
More Skills