← 返回 Skills 市场

Camofox Browser Control

Name: Camofox Browser Control
Author: lotfinity

作者 lotfinity · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install camofox-browser-control

功能描述

Control a standalone camofox-browser server over its REST API, especially when a local or remote service is already running on port 9377. Use for opening tab...

使用说明 (SKILL.md)

Use the standalone camofox-browser server directly over HTTP.

Default assumptions for this workspace:

Base URL: http://127.0.0.1:9377
The service is already running.
userId is mandatory on nearly every useful request.
sessionKey (or legacy listItemId) groups tabs; default to default.

Golden workflow

Check /health.
Create a tab with /tabs.
Call /tabs/:tabId/wait.
Call /tabs/:tabId/snapshot and read refs.
Act with /click, /type, /press, /scroll, or /navigate.
Snapshot again after any state-changing action.

Prefer this loop over HTML scraping.

Hard rules

Always send userId.
Prefer POST /tabs with sessionKey for raw server use.
Re-snapshot after click, type, press, or navigation.
If a field ignores fill, retry with type using mode: "keyboard".
If /tabs returns an empty list, check whether userId was omitted.
Use direct navigation when the target URL is known; do not over-click through search results if a stable URL exists.
Use VNC/manual login for MFA, CAPTCHAs, or brittle auth flows, then reuse storage state or persistence.

Minimal endpoint map

Read references/api-cheatsheet.md when you need request/response shapes.

Most-used endpoints:

GET /health
POST /tabs
GET /tabs?userId=...
POST /tabs/:tabId/wait
GET /tabs/:tabId/snapshot?userId=...
POST /tabs/:tabId/click
POST /tabs/:tabId/type
POST /tabs/:tabId/press
POST /tabs/:tabId/scroll
POST /tabs/:tabId/navigate
POST /tabs/:tabId/evaluate
POST /sessions/:userId/cookies
GET /sessions/:userId/storage_state

Recommended helper script

Use scripts/camofox.py instead of rewriting raw HTTP every time.

Examples:

python3 skills/camofox-browser-control/scripts/camofox.py health
python3 skills/camofox-browser-control/scripts/camofox.py open --user lotfi --session default --url https://github.com
python3 skills/camofox-browser-control/scripts/camofox.py snapshot --user lotfi --tab \x3CtabId>
python3 skills/camofox-browser-control/scripts/camofox.py click --user lotfi --tab \x3CtabId> --ref e17
python3 skills/camofox-browser-control/scripts/camofox.py type --user lotfi --tab \x3CtabId> --ref e2 --text 'hello' --mode fill
python3 skills/camofox-browser-control/scripts/camofox.py type --user lotfi --tab \x3CtabId> --text '97304' --mode keyboard --submit
python3 skills/camofox-browser-control/scripts/camofox.py navigate --user lotfi --tab \x3CtabId> --url https://example.com

Known quirks

GET /tabs without userId can misleadingly show no tabs even when tabs exist.
Refs go stale after page changes. Snapshot again instead of reusing old refs blindly.
click already retries normal click, force click, and mouse sequence; success does not guarantee the frontend changed the state you expect, so verify with a fresh snapshot.
Some sites accept direct URL navigation more reliably than UI clicking.
Some frontend inputs require true keyboard events. Use mode: "keyboard" plus --submit when fill does not trigger app logic.
Large multi-step chained calls are more fragile than short calls with verification between them.

Login strategy

For normal forms:

open → wait → snapshot → type → click/submit → snapshot

For stubborn auth:

use VNC/noVNC login
export storage_state
rely on persistence or restore state on later runs

For cookie bootstrap:

import Netscape cookies through /sessions/:userId/cookies
requires CAMOFOX_API_KEY

Escape hatch

Use /tabs/:tabId/evaluate only when refs/typing/clicking are insufficient. Keep expressions small and targeted.

Local note for this machine

The current host already has a live server on 127.0.0.1:9377, with VNC/noVNC exposed by the container. Treat that as the default target unless the task says otherwise.

安全使用建议

This skill appears to be a simple REST client for a local camofox-browser service, which is coherent — but note the mismatch: the docs mention a CAMOFOX_API_KEY and cookie/storage operations that are not declared or implemented in the helper script. Before installing or using it, verify: (1) whether your deployment actually requires CAMOFOX_API_KEY for /sessions endpoints and where that key would come from; (2) how cookie/storage export/import will be handled and whether sensitive session data might be exposed; (3) that the default target (127.0.0.1:9377) is a trusted local service (the SKILL.md even notes VNC/noVNC exposure). If you need cookie/storage features, ask the author to (a) declare required env vars (CAMOFOX_API_KEY) in metadata, (b) add explicit support in the helper for safe Authorization header handling, and (c) document data-retention/exfiltration risks. If you cannot confirm those, treat cookie/import operations as potentially risky and avoid providing credentials or storage dumps.

功能分析

Type: OpenClaw Skill Name: camofox-browser-control Version: 0.1.0 The skill bundle provides a legitimate interface for controlling a Camoufox browser automation server via a REST API. The Python helper script (scripts/camofox.py) is a clean wrapper for standard browser actions like navigation, clicking, and typing, and the documentation (SKILL.md, api-cheatsheet.md) correctly describes the tool's intended use for automation and session management. While it includes high-privilege capabilities such as JavaScript evaluation and cookie export, these are standard features for browser automation and are implemented without any evidence of malicious intent, obfuscation, or unauthorized data exfiltration.

能力标签

requires-sensitive-credentials

能力评估

ℹ Purpose & Capability

Name, description, SKILL.md, cheatsheet, and the helper script all align: they operate against a camofox-browser REST API (default http://127.0.0.1:9377). The provided Python helper implements the documented endpoints. However, the docs reference an Authorization-protected cookie/storage API (CAMOFOX_API_KEY) that is not declared in requires.env and is not used by the helper script—an inconsistency that should be clarified.

⚠ Instruction Scope

Instructions explicitly tell the agent/operator to import/export cookies and storage_state and to use VNC/noVNC for interactive login. Those operations can move credentials/session material in/out of the system. The SKILL.md also tells to always send userId and suggests a default live server on localhost; while interacting with localhost is expected, the cookie/storage endpoints require an Authorization header per the cheatsheet (not wired into the script). This gap means the instructions expect access to sensitive session data but the skill does not declare how that secret is supplied or protected.

✓ Install Mechanism

This is an instruction-only skill with no install spec; the only code is a small helper script. Nothing is downloaded or written during installation, which is low risk.

⚠ Credentials

requires.env is empty, yet the cheatsheet and SKILL.md mention a CAMOFOX_API_KEY for cookie import and storage_state export. That environment/credential need is not declared and the helper script does not accept or attach an Authorization header. This mismatch could lead to unclear secrets handling (missing, required ad-hoc, or passed in insecure ways).

✓ Persistence & Privilege

The skill is not always-on and does not request elevated or persistent system privileges. It does not modify other skills or system-wide agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install camofox-browser-control
安装完成后，直接呼叫该 Skill 的名称或使用 /camofox-browser-control 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.0

Initial publish: standalone camofox-browser REST skill with helper CLI and API cheatsheet.

元数据

Slug camofox-browser-control

版本 0.1.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题