← 返回 Skills 市场
kuo77122

Camofox Browser Remote

作者 kuo77122 · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
140
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install camofox-browser-remote
功能描述
Remote-mode anti-detection browser automation using Camoufox (Firefox fork with C++ fingerprint spoofing). Requires CAMOFOX_URL pointing to an externally-man...
使用说明 (SKILL.md)

Camofox Browser — Remote Mode (Docker / Shared Server)

Stealth browser automation via Camoufox. Drives an externally-managed server over HTTP — no install, no local Node process.

Setup (required)

export CAMOFOX_URL=http://172.17.0.1:9377   # required — no default

The server runs externally (Docker container, shared staging, CI). This skill only drives it. See references/docker.md for Docker networking details.

If camofox-remote is not found on PATH: set an alias using the script that ships with this skill. Replace \x3CSKILL_DIR> with the directory containing this SKILL.md file:

alias camofox-remote="bash \x3CSKILL_DIR>/scripts/camofox-remote.sh"

Example: if this SKILL.md is at ~/my-skills/camofox-browser-remote/SKILL.md, use ~/my-skills/camofox-browser-remote.

Trust requirement: Every command — page snapshots, screenshots, typed text, navigation history — is sent over HTTP to CAMOFOX_URL. Only point this at a server you own and control. Do not use a shared or third-party endpoint if you will visit sites with credentials or sensitive data.

Quick Start

camofox-remote open https://example.com      # Create tab + navigate
camofox-remote snapshot                      # Get page elements with @refs
camofox-remote click @e1                     # Click element
camofox-remote type @e2 "hello"              # Type text
camofox-remote screenshot                    # Save PNG
camofox-remote close                         # Close tab

Core Workflow

  1. Navigatecamofox-remote open \x3Curl>
  2. Snapshot — returns an accessibility tree with @e1, @e2 refs (~90% smaller than raw HTML)
  3. Interact — use refs to click, type, scroll
  4. Re-snapshot — after any DOM change, refs are invalidated; get fresh ones
  5. Repeat — the server stays running between commands
camofox-remote open https://example.com/search
camofox-remote snapshot
# @e1 [input] Search box  @e2 [button] Submit
camofox-remote type @e1 "camoufox anti-detection"
camofox-remote click @e2
camofox-remote snapshot                      # MUST re-snapshot after navigation

Commands (at a glance)

Category Commands
Server health, start (no-op — manage container externally), stop (no-op — manage container externally)
Navigation open \x3Curl>, navigate \x3Curl>, back, forward, refresh, scroll [down|up|left|right]
Page state snapshot, screenshot [path], tabs, links
Interaction click @eN, type @eN "text"
Search search google "query" (13 macros — see references/macros.md)
Session --session \x3Cname> \x3Ccmd>, close, close-all

Full reference with curl equivalents: references/commands.md.

Ref Lifecycle (critical)

Refs (@e1, @e2) are invalidated whenever the DOM changes. Always re-snapshot after:

  • Clicking links/buttons that navigate
  • Form submissions
  • Dynamic content loads (infinite scroll, SPA route change)

Environment Variables

Variable Default Meaning
CAMOFOX_URL REQUIRED Remote base URL — e.g. http://172.17.0.1:9377. No default.
CAMOFOX_SESSION default Default session name (isolated cookies/storage)
HTTPS_PROXY (unset) Outbound proxy for the browser

When to Use camofox-browser-remote vs agent-browser

Scenario Tool
Normal websites, no bot detection agent-browser (faster)
Cloudflare / Akamai protected camofox-browser-remote
Sites that block Chromium automation camofox-browser-remote
Need anti-fingerprinting camofox-browser-remote
Need iOS / mobile simulation agent-browser
Need video recording agent-browser

Deep-Dive References

File Load when
references/docker.md Docker setup, networking, compose example, CAMOFOX_URL configuration
references/commands.md Need exact args, output format, or curl equivalent of any command
references/api-reference.md Calling an endpoint the wrapper doesn't expose
references/macros.md Using search macros (@google_search, etc.)
references/troubleshooting.md Debugging failures (connect refused, stale refs, empty snapshots)

Ready-to-Use Templates

File Description
templates/stealth-scrape.sh Full anti-detection scrape (screenshot + snapshot + links)
templates/multi-session.sh Parallel URLs in isolated sessions

Cleanup

Always close when done:

camofox-remote close-all
camofox-remote stop    # no-op in remote mode; manage the container externally
安全使用建议
Key things to consider before installing: (1) The SKILL.md requires CAMOFOX_URL but the registry metadata does not list any required env vars — ask the publisher to correct that. (2) This skill will send page snapshots, screenshots, typed text and navigation metadata to whatever CAMOFOX_URL you set — only point it at a server you control/trust (run your own Camofox container locally or in an isolated network). (3) Do not set CAMOFOX_URL to a third‑party or unknown endpoint if you will interact with credentials, personal data, or corporate sites. (4) Review scripts (scripts/camofox-remote.sh and templates) before aliasing or running them; they use curl and python3 to POST/GET data and write files to /tmp. (5) If you need to allow this skill to run autonomously, restrict network egress or run the agent in an environment where CAMOFOX_URL can only reach your controlled Camofox instance. (6) If the publisher cannot justify the metadata mismatch, treat the skill as untrusted until corrected.
功能分析
Type: OpenClaw Skill Name: camofox-browser-remote Version: 1.0.2 The skill provides a remote browser automation interface using the Camoufox anti-detection browser, communicating with a user-defined endpoint via `CAMOFOX_URL`. It is classified as suspicious because it implements high-risk capabilities, including network communication with a remote API and the transmission of sensitive interaction data (keystrokes, snapshots, screenshots) to that endpoint, which are noted as risky behaviors in the evaluation criteria. Furthermore, the `scripts/camofox-remote.sh` script contains a vulnerability where JSON payloads for several commands (e.g., `open`, `navigate`, `scroll`) are constructed via manual string concatenation rather than safe serialization, potentially allowing for JSON injection if an attacker can influence the arguments passed to the agent. While these features are aligned with the stated goal of remote stealth browsing and the documentation includes security warnings, the combination of inherent risk and lack of robust input sanitization meets the threshold for a suspicious classification.
能力标签
crypto
能力评估
Purpose & Capability
The SKILL.md and included scripts clearly require a CAMOFOX_URL (and optionally CAMOFOX_SESSION / HTTPS_PROXY), write state to /tmp, and drive an external browser over HTTP. But the registry metadata lists no required environment variables or primary credential — that is inconsistent. The code files and templates are consistent with the stated purpose (remote-mode browser automation), so the main coherence problem is the missing CAMOFOX_URL declaration in the metadata.
Instruction Scope
Runtime instructions and the script send snapshots, screenshots, typed text, tab IDs and navigation history to whatever CAMOFOX_URL is set to (via curl). The SKILL.md warns users to only point at a server they control, which is appropriate, but this behavior means pointing CAMOFOX_URL at an attacker-controlled host would exfiltrate sensitive browsing data. The scripts also read/write local state files (/tmp/camofox-state and /tmp/camofox-screenshots) and reference local paths in templates (e.g., $HOME/.claude/skills...), which is expected for this tool.
Install Mechanism
There is no install spec; the skill is instruction/script-based and runs local bash/python3/curl commands already present on the host. That is low-risk compared to downloading and executing remote archives. The bundle does include executable scripts and templates that will be run locally if invoked.
Credentials
The runtime requires CAMOFOX_URL (mandatory), CAMOFOX_SESSION (optional) and optionally HTTPS_PROXY, but the registry metadata omitted these requirements. No cloud credentials are requested (good), however the required CAMOFOX_URL grants the remote server full visibility into snapshots, screenshots, typed data and navigation — a high-sensitivity capability that must be justified and limited. The mismatch between declared and actual env requirements is unexpected and should be corrected.
Persistence & Privilege
The skill does not request always:true and is user-invocable; autonomous invocation is allowed by default. The script stores transient state and screenshots under /tmp which is normal for this use case. Because the agent can invoke skills autonomously, a compromised or malicious CAMOFOX_URL could be abused at runtime — but autonomous invocation alone is not a disqualifying issue.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install camofox-browser-remote
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /camofox-browser-remote 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Added setup instructions for users who do not have camofox-remote on PATH, including how to set a Bash alias using the provided script. - No other changes detected.
v1.0.1
- Added a security warning emphasizing that all commands and page data are sent over HTTP to the server specified by CAMOFOX_URL, and should only be pointed at servers you own and control. - Updated the "Quick Start" and example workflows for clarity with more business-relevant site examples. - No functional or command changes.
v1.0.0
Initial public release of camofox-browser-remote. - Provides remote-mode browser automation using Camoufox, a Firefox fork with advanced fingerprint spoofing. - Designed to bypass bot detection systems like Cloudflare and Akamai; useful when conventional tools get blocked. - Requires a pre-configured remote server (e.g., Docker container) via CAMOFOX_URL. - Supports navigation, interaction (click, type), snapshots, screenshots, and session management over HTTP. - Includes concise setup instructions, command summaries, references, and troubleshooting tips.
元数据
Slug camofox-browser-remote
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Camofox Browser Remote 是什么?

Remote-mode anti-detection browser automation using Camoufox (Firefox fork with C++ fingerprint spoofing). Requires CAMOFOX_URL pointing to an externally-man... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 140 次。

如何安装 Camofox Browser Remote?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install camofox-browser-remote」即可一键安装,无需额外配置。

Camofox Browser Remote 是免费的吗?

是的,Camofox Browser Remote 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Camofox Browser Remote 支持哪些平台?

Camofox Browser Remote 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Camofox Browser Remote?

由 kuo77122(@kuo77122)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论