← 返回 Skills 市场
easonc13

Anemone Browser

作者 Eason Chen · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
458
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install anemone
功能描述
Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)...
使用说明 (SKILL.md)

Anemone Browser — Managed Browser for OpenClaw Agents

Headful Chrome with anti-detection, VNC takeover, and multi-session isolation. Works on Mac, Linux, Docker — anywhere OpenClaw runs.

Setup

macOS

bash scripts/setup-mac.sh

Detects Chrome, configures OpenClaw browser profile. After setup:

openclaw browser start
# Agent's browser tool works automatically

Note: macOS setup does NOT include VNC/noVNC. The user is expected to access the Mac via their own remote desktop solution (e.g. macOS Screen Sharing, Tailscale, or physical access). VNC takeover with noVNC links is only available on Linux.

Linux / Docker

# Install deps (once)
bash scripts/setup.sh

# Start browser + VNC environment (password is MANDATORY by default)
bash scripts/start.sh [password] [novnc_port] [cdp_port] [resolution]

# Without specifying password → random 14-char password auto-generated
bash scripts/start.sh

# Explicitly no password (NOT recommended)
bash scripts/start.sh --dangerously-no-password [novnc_port] [cdp_port] [resolution]

start.sh outputs the noVNC URL (with password in URL param), password, and CDP port. Safe to re-run. VNC always requires a password. The noVNC URL always includes ?password=... so the user doesn't need to type it. The only way to skip is --dangerously-no-password.

OpenClaw Config

Setup scripts configure this automatically. Manual reference:

macOS:

{
  "browser": {
    "enabled": true,
    "defaultProfile": "openclaw",
    "headless": false,
    "executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
  }
}

Linux:

{
  "browser": {
    "enabled": true,
    "headless": false,
    "noSandbox": true,
    "executablePath": "/usr/bin/google-chrome-stable"
  }
}

Multi-Session Window Isolation

Multiple sessions share one Chrome (same cookies/logins) but each gets its own window.

Rules (MUST follow):

  1. On session start — open your own tab, save the targetId:

    browser action=open targetUrl="https://example.com" profile=openclaw
# Returns targetId — THIS IS YOURS, save it

  2. ALL subsequent calls — always include your targetId:

    browser action=snapshot profile=openclaw targetId="\x3Cyour-targetId>"
browser action=navigate profile=openclaw targetId="\x3Cyour-targetId>" targetUrl="..."
browser action=act profile=openclaw targetId="\x3Cyour-targetId>" ...

  3. On session end — close your tab:

    browser action=close targetId="\x3Cyour-targetId>"

  4. NEVER operate without targetId — you'll land on another session's tab.

  5. NEVER pick another session's tab from browser action=tabs.

Opening a new window (not tab) via CDP:

import json, asyncio, websockets, urllib.request

async def open_new_window(cdp_port, url):
    version = json.loads(urllib.request.urlopen(f"http://127.0.0.1:{cdp_port}/json/version").read())
    async with websockets.connect(version["webSocketDebuggerUrl"]) as ws:
        await ws.send(json.dumps({
            "id": 1, "method": "Target.createTarget",
            "params": {"url": url, "newWindow": True}
        }))
        resp = json.loads(await ws.recv())
        return resp["result"]["targetId"]

Architecture:

Chrome (one instance, one profile, shared cookies)
├── Window targetId=AAA → Session A
├── Window targetId=BBB → Session B
└── Window targetId=CCC → Session C

VNC Takeover (CRITICAL)

When hitting a CAPTCHA, login wall, or any blocker, send the user a noVNC link:

https://\x3CIP>:\x3CNOVNC_PORT>/vnc.html?password=\x3CPASSWORD>&autoconnect=true&resize=scale

Constructing the link:

Linux/Docker (from start.sh output):

https://57.129.90.145:10150/vnc.html?password=e0GGP4xeMUL5ga&autoconnect=true&resize=scale
  • IP: server's public or Tailscale IP
  • Port + password: from start.sh output

macOS: VNC takeover is NOT available. The user must access the Mac directly (physical access, macOS Screen Sharing, or their own remote desktop solution).

Takeover flow:

  1. Agent detects blocker (CAPTCHA, login, 2FA)
  2. Agent sends noVNC link to user
  3. User opens link → sees Chrome → solves the problem
  4. User confirms done → agent continues

Anti-Detection

  • Headful Chrome — no HeadlessChrome in UA
  • --disable-blink-features=AutomationControlled — no navigator.webdriver=true
  • UA override via CDP if needed: 
    {"method": "Network.setUserAgentOverride", "params": {
  "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36"
}}

Security

  • SSL/TLS on noVNC (self-signed cert)
  • Random 14-char password (Linux) or system auth (macOS)
  • CDP: localhost only, never exposed to network
  • Chrome Policy: file://, javascript:, data:text/html blocked; extensions blocked; DevTools disabled

Important: No Kiosk Mode

Do NOT use Chrome's --kiosk flag. It hides the tab bar and address bar, making multi-window unusable via VNC. Use --start-maximized instead.

Troubleshooting

Chrome window not visible in VNC

Symptoms: VNC connects but shows only Ubuntu splash screen, no Chrome window.

Common causes and fixes:

  1. Fluxbox crashed (becomes defunct):

    • Check: ps aux | grep fluxbox | grep defunct
    • Fix: Restart fluxbox 
      export DISPLAY=:99
fluxbox &

  2. Stale X display lock files:

    • Check: ls -la /tmp/.X*lock
    • Fix: Use a different display number, or remove lock if no Xvfb running 
      rm -f /tmp/.X99-lock

  3. Chrome window minimized or hidden:

    • Check: xwininfo -root -tree to find Chrome window ID
    • Fix: Use python-xlib to raise and resize: 
      from Xlib.display import Display
d = Display(':99')
window = d.create_resource_object('window', 0x800001)  # Chrome's window ID
window.configure(x=0, y=0, width=1920, height=1040)
window.configure(stack_mode='Above')
d.sync()

  4. X11vnc not capturing properly:

    • Restart x11vnc after fluxbox: 
      pkill x11vnc
x11vnc -display :99 -forever -shared -rfbauth ~/.vnc/passwd -rfbport 5900 -bg

Complete restart procedure

If all else fails, kill and restart everything:

# Kill all
pkill -9 -u $USER chrome
pkill -9 -u $USER x11vnc
pkill -9 -u $USER Xvfb
pkill -9 -u $USER fluxbox
pkill -9 -u $USER websockify
sleep 2

# Start fresh (use new display number to avoid stale locks)
rm -f /tmp/.X30-lock
Xvfb :30 -screen 0 1920x1080x24 &
sleep 2
export DISPLAY=:30
fluxbox &
sleep 2
google-chrome-stable --no-sandbox --disable-gpu ... &
sleep 4
x11vnc -display :30 -forever -shared -rfbauth ~/.vnc/passwd -rfbport 5900 -bg
sleep 1
websockify --web=/usr/share/novnc --cert=~/.vnc/combined.pem 15005 localhost:5900 -D

Auto-Recovery (healthcheck.sh)

start.sh automatically installs a cron job that runs healthcheck.sh every 2 minutes. It monitors all 5 components and auto-restarts any that crash or become defunct:

  • Xvfb — cleans stale lock files, restarts display
  • fluxbox — detects defunct (zombie) state, kills and restarts
  • x11vnc — restarts VNC server
  • websockify — restarts noVNC proxy
  • Chrome — restarts with same CDP port and anti-detection flags

Logs: /tmp/anemone-healthcheck.log

Manual run:

bash /root/healthcheck.sh [display_num] [vnc_port] [novnc_port] [cdp_port]
# defaults: 99 5900 6080 9222

To check status:

tail -20 /tmp/anemone-healthcheck.log

To disable:

crontab -l | grep -v healthcheck | crontab -
安全使用建议
This package appears to do what it says — manage a headful Chrome + VNC environment — but it makes root-level changes and persists a cron job, cookies/profile files, and certs under /root and /etc. Before installing: 1) Only run it on a dedicated machine/container or VM you control (do not install on a shared production host). 2) Expect apt installs and writes to /root and /etc; review scripts (they are included) and confirm you trust the author. 3) Note that noVNC links include the VNC password in the URL and the CLI may attempt to discover the host's public IP via ifconfig.me — treat links as sensitive and use network controls/firewalling. 4) Avoid using the --dangerously-no-password mode. 5) If you need less privilege, consider running the stack inside an isolated container and exposing only necessary ports. 6) After install, inspect crontab, /root/.vnc, /root/.chrome-profile, and /etc/opt/chrome/policies/managed to confirm expected files and remove the cron if you do not want automatic healthchecks.
功能分析
Type: OpenClaw Skill Name: anemone Version: 1.1.0 The Anemone Browser bundle provides a managed headful Chrome environment with VNC access for human-in-the-loop intervention. The code is well-documented and includes several security-conscious features, such as mandatory VNC passwords by default, self-signed SSL for the noVNC proxy, and a managed Chrome policy (in scripts/start.sh) that explicitly blocks 'file://' access and extensions to prevent local data exfiltration. The healthcheck and setup scripts (scripts/setup.sh, scripts/healthcheck.sh) are transparent and focused on service availability rather than persistence or evasion.
能力评估
Purpose & Capability
Name/description match the actual behavior: a Node CLI that installs/starts a headful Chrome + Xvfb + x11vnc + noVNC stack, provides CDP for agents, and offers VNC takeover for humans. The requested npm package, binaries, and scripts are consistent with this purpose. The package expects to run on Linux/macOS and installs system packages on Linux, which is expected for this scope.
Instruction Scope
SKILL.md directs the agent to start the managed browser, present a noVNC link to the user for human takeover, and use CDP on localhost; these are within scope. Points to note: the guidance explicitly has the agent (or CLI) produce and transmit a noVNC URL that contains the VNC password as a query parameter, and the CLI attempts to discover the host public IP via an external service (ifconfig.me). Both are functional for the purpose but leak credentials in URLs and involve external network calls.
Install Mechanism
Installation is via npm (anemone-browser) which provides the CLI binary. Linux setup script installs system packages via apt-get and downloads the official Google Chrome .deb from dl.google.com (an expected source). The installer copies scripts to /root and writes system files (e.g., /etc/opt/chrome/policies/managed/security.json). These actions require elevated privileges and modify system-wide locations; this is consistent with a system-level browser manager but worth attention before running on a host.
Credentials
The skill requests no environment variables or external credentials — appropriate. However, it generates/stores VNC passwords and SSL certs under /root, writes state to /tmp/anemone-state.json (including the VNC password), and prints noVNC URLs with password query params. Those behaviors are proportional to the feature set but carry confidentiality risks (password-in-URL, files under /root and /tmp).
Persistence & Privilege
The package installs a recurring healthcheck cron job (every 2 minutes) under the system/root crontab, creates persistent profile and cert files under /root and /etc, and writes Chrome policies system-wide. This gives the skill a persistent presence on the host and requires root privileges. While aligned with the auto-recovery design, it is a meaningful privilege and persistence vector that the user should explicitly authorize.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install anemone
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /anemone 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Add npm install metadata (anemone-browser package); OpenClaw auto-installs via npm
v1.0.1
Clarify macOS has no VNC; VNC takeover is Linux-only
v1.0.0
Initial release: headful Chrome, anti-detection, VNC takeover, multi-session windows
元数据
Slug anemone
版本 1.1.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Anemone Browser 是什么?

Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 458 次。

如何安装 Anemone Browser?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install anemone」即可一键安装,无需额外配置。

Anemone Browser 是免费的吗?

是的,Anemone Browser 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Anemone Browser 支持哪些平台?

Anemone Browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Anemone Browser?

由 Eason Chen(@easonc13)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论