← 返回 Skills 市场
Anemone Browser
作者
Eason Chen
· GitHub ↗
· v1.1.0
421
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install anemone-browser
功能描述
Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)...
使用说明 (SKILL.md)
Anemone Browser — Managed Browser for OpenClaw Agents
Headful Chrome with anti-detection, VNC takeover, and multi-session isolation. Works on Mac, Linux, Docker — anywhere OpenClaw runs.
Setup
macOS
bash scripts/setup-mac.sh
Detects Chrome, configures OpenClaw browser profile. After setup:
openclaw browser start
# Agent's browser tool works automatically
Note: macOS setup does NOT include VNC/noVNC. The user is expected to access the Mac via their own remote desktop solution (e.g. macOS Screen Sharing, Tailscale, or physical access). VNC takeover with noVNC links is only available on Linux.
Linux / Docker
# Install deps (once)
bash scripts/setup.sh
# Start browser + VNC environment
bash scripts/start.sh [password] [novnc_port] [cdp_port] [resolution]
start.sh outputs the noVNC URL, password, and CDP port. Safe to re-run.
OpenClaw Config
Setup scripts configure this automatically. Manual reference:
macOS:
{
"browser": {
"enabled": true,
"defaultProfile": "openclaw",
"headless": false,
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}
}
Linux:
{
"browser": {
"enabled": true,
"headless": false,
"noSandbox": true,
"executablePath": "/usr/bin/google-chrome-stable"
}
}
Multi-Session Window Isolation
Multiple sessions share one Chrome (same cookies/logins) but each gets its own window.
Rules (MUST follow):
-
On session start — open your own tab, save the targetId:
browser action=open targetUrl="https://example.com" profile=openclaw # Returns targetId — THIS IS YOURS, save it -
ALL subsequent calls — always include your targetId:
browser action=snapshot profile=openclaw targetId="\x3Cyour-targetId>" browser action=navigate profile=openclaw targetId="\x3Cyour-targetId>" targetUrl="..." browser action=act profile=openclaw targetId="\x3Cyour-targetId>" ... -
On session end — close your tab:
browser action=close targetId="\x3Cyour-targetId>" -
NEVER operate without targetId — you'll land on another session's tab.
-
NEVER pick another session's tab from
browser action=tabs.
Opening a new window (not tab) via CDP:
import json, asyncio, websockets, urllib.request
async def open_new_window(cdp_port, url):
version = json.loads(urllib.request.urlopen(f"http://127.0.0.1:{cdp_port}/json/version").read())
async with websockets.connect(version["webSocketDebuggerUrl"]) as ws:
await ws.send(json.dumps({
"id": 1, "method": "Target.createTarget",
"params": {"url": url, "newWindow": True}
}))
resp = json.loads(await ws.recv())
return resp["result"]["targetId"]
Architecture:
Chrome (one instance, one profile, shared cookies)
├── Window targetId=AAA → Session A
├── Window targetId=BBB → Session B
└── Window targetId=CCC → Session C
VNC Takeover (CRITICAL)
When hitting a CAPTCHA, login wall, or any blocker, send the user a noVNC link:
https://\x3CIP>:\x3CNOVNC_PORT>/vnc.html?password=\x3CPASSWORD>&autoconnect=true&resize=scale
Constructing the link:
Linux/Docker (from start.sh output):
https://57.129.90.145:10150/vnc.html?password=e0GGP4xeMUL5ga&autoconnect=true&resize=scale
- IP: server's public or Tailscale IP
- Port + password: from start.sh output
macOS: VNC takeover is NOT available. The user must access the Mac directly (physical access, macOS Screen Sharing, or their own remote desktop solution).
Takeover flow:
- Agent detects blocker (CAPTCHA, login, 2FA)
- Agent sends noVNC link to user
- User opens link → sees Chrome → solves the problem
- User confirms done → agent continues
Anti-Detection
- Headful Chrome — no
HeadlessChromein UA --disable-blink-features=AutomationControlled— nonavigator.webdriver=true- UA override via CDP if needed:
{"method": "Network.setUserAgentOverride", "params": { "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" }}
Security
- SSL/TLS on noVNC (self-signed cert)
- Random 14-char password (Linux) or system auth (macOS)
- CDP: localhost only, never exposed to network
- Chrome Policy:
file://,javascript:,data:text/htmlblocked; extensions blocked; DevTools disabled
Important: No Kiosk Mode
Do NOT use Chrome's --kiosk flag. It hides the tab bar and address bar, making multi-window unusable via VNC. Use --start-maximized instead.
安全使用建议
This package is internally consistent with its stated goal, but it performs system-level installs and exposes an interactive VNC endpoint — proceed carefully. Recommended steps before installing: (1) Review the start.sh and setup.sh contents (they are included) and run them in an isolated environment (container or VM) first; (2) Do not publish the noVNC port to the public internet without a firewall and additional access control; websockify/noVNC will present the VNC session over HTTPS with a self-signed cert and the generated password — rotate/change the password and consider using a VPN/Tailscale or SSH tunnel to restrict access; (3) Be aware the scripts write /etc/opt/chrome/policies/managed (system Chrome policy) and create files under /root — expect system-wide effects; (4) If using Docker, avoid publishing the CDP port (9222) or web ports to public hosts unless intended; CDP is bound to 127.0.0.1 by the script but misconfigured host port mappings could expose it; (5) Treat any example IPs/passwords in the docs as illustrative — verify the actual runtime outputs before sharing links. If you need stronger assurance, run the setup in an ephemeral VM, audit network exposure, and confirm the service does not leak data to unexpected external endpoints.
功能分析
Type: OpenClaw Skill
Name: anemone-browser
Version: 1.1.0
The skill provides a managed Chrome browser with VNC remote access and anti-detection features. It is classified as suspicious primarily due to the use of the `--no-sandbox` flag when launching Chrome in `scripts/start.sh`, which is a known security vulnerability that disables a critical browser security layer. Additionally, while a core feature, the VNC remote access (exposed via `websockify` in `scripts/start.sh` and instructed for agent use in `SKILL.md`) presents a high-risk capability, even with self-signed SSL and random passwords. There is no evidence of intentional malicious behavior like data exfiltration, unauthorized persistence, or covert remote execution; rather, the skill implements several security hardening measures such as binding CDP to localhost and applying Chrome policies to block `file://` access and disable DevTools.
能力评估
Purpose & Capability
Name/description (managed headful Chrome with VNC and anti-detection) match the included scripts and README. The package contains setup and start scripts that install and run Chrome, Xvfb, x11vnc, noVNC/websockify, and configure Chrome policies — all expected for this goal. There are no unrelated environment variables or external API keys requested.
Instruction Scope
SKILL.md instructs the agent/user to run the provided setup/start scripts and to send a noVNC link to a human when a CAPTCHA appears. This is within scope, but the doc includes a concrete example public IP and password in one place (likely illustrative) — users should not treat example credentials/addresses as a live endpoint. The instructions explicitly require running system-level installers and services and printing the VNC password to stdout, which is functionally required for the human-in-the-loop flow but worth being aware of.
Install Mechanism
There is no platform 'install' manifest, but the included scripts perform apt-get installs and fetch Google Chrome from Google's official dl.google.com URL (expected). The start script writes a Chrome policy to /etc/opt/chrome/policies/managed (system-wide change), generates a self-signed cert under /root/.vnc, copies a start script into /root, and runs services (Xvfb, x11vnc, websockify). These are coherent with purpose but are high-impact system changes (require root).
Credentials
The skill requests no environment variables or external credentials. It does, however, generate and store a VNC password locally (/root/.vnc/passwd) and prints the password/URL for user access — necessary for the human takeover feature. The scripts require elevated privileges to install packages and write system Chrome policies; that privilege requirement is proportionate to what the scripts do but should be accepted consciously by the operator.
Persistence & Privilege
always:false and normal autonomous invocation settings are used. The skill modifies system-level Chrome policy files and writes files under /root (persistent artifacts), which is expected for altering Chrome behavior but is a persistent, system-wide change that could affect other Chrome users on the host. The skill does not request to modify other skills or agent-wide config beyond the OpenClaw browser config (macOS CLI config changes are explicit in setup-mac.sh).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install anemone-browser - 安装完成后,直接呼叫该 Skill 的名称或使用
/anemone-browser触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Rebrand to Anemone Browser for better discoverability
元数据
常见问题
Anemone Browser 是什么?
Managed headful Chrome browser for OpenClaw agents with anti-bot-detection, human-in-the-loop VNC takeover, and multi-session window isolation. Use when: (1)... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 421 次。
如何安装 Anemone Browser?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install anemone-browser」即可一键安装,无需额外配置。
Anemone Browser 是免费的吗?
是的,Anemone Browser 完全免费(开源免费),可自由下载、安装和使用。
Anemone Browser 支持哪些平台?
Anemone Browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Anemone Browser?
由 Eason Chen(@easonc13)开发并维护,当前版本 v1.1.0。
推荐 Skills