← 返回 Skills 市场
Camoufox
作者
GoodGoodJM
· GitHub ↗
· v1.0.0
2920
总下载
1
收藏
9
当前安装
1
版本数
在 OpenClaw 中安装
/install camoufox
功能描述
Anti-detect browser automation using Camoufox (Firefox-based). Use instead of Chrome/Playwright for bot-detection-heavy sites like X/Twitter, Naver, and other protected sites. Provides stealth browsing with OS/browser fingerprint spoofing, humanized mouse movements, and persistent sessions.
使用说明 (SKILL.md)
Camoufox
Use instead of OpenClaw's built-in browser tool for bot-detection sites.
Setup (one-time)
bash scripts/setup.sh
Usage
source ~/.openclaw/workspace/camoufox-env/bin/activate
xvfb-run -a --server-args="-screen 0 1920x1080x24" python3 your_script.py
Required Settings
from camoufox.sync_api import Camoufox
with Camoufox(
headless=False, # MUST be False (True gets detected)
os='linux', # MUST match server OS (stack traces leak real OS)
humanize=True,
persistent_context=True,
user_data_dir='~/.openclaw/camoufox-profile'
) as browser:
page = browser.new_page()
# Use standard Playwright API from here
Paths
- venv:
~/.openclaw/workspace/camoufox-env/ - profile:
~/.openclaw/camoufox-profile/
CAPTCHA Handling
First visit to protected sites may need manual CAPTCHA:
DISPLAY=:1 python3 scripts/login_session.py https://site.com/login
Solve via VNC, session saves to profile for future automation.
Scripts
scripts/setup.sh- Install dependenciesscripts/browse.py \x3Curl> --screenshot out.png- Quick browsescripts/login_session.py \x3Curl>- VNC manual login
安全使用建议
Before installing: 1) Verify the 'camoufox' package source — look up its PyPI page and linked repository, confirm maintainers and recent activity; if no repo/homepage exists, treat the package as untrusted. 2) Review the package contents (e.g., pip download + inspect wheel) in an isolated environment before running setup.sh. 3) Be cautious about running setup.sh on a shared/production host — it may invoke sudo apt and will install and import third‑party code. 4) Expect persistent profiles to store cookies and session tokens; do not use with accounts holding sensitive data unless you trust and have audited the package. 5) If you decide to proceed, prefer running inside an isolated VM/container, pin the camoufox version, avoid providing real credentials during initial tests, and audit network activity during setup and runtime. 6) Also consider legal/ethical implications: tools explicitly designed to evade bot detection may violate service terms of use.
功能分析
Type: OpenClaw Skill
Name: camoufox
Version: 1.0.0
The skill bundle is classified as suspicious due to the use of `sudo apt install` in `scripts/setup.sh`. While this is used for installing common system dependencies (`python3-venv`, `xvfb`) required for the skill's stated purpose of browser automation, the use of `sudo` grants elevated privileges and represents a high-risk capability without explicit malicious intent in this specific context. The rest of the skill, including the Python scripts and markdown instructions, appears benign and aligned with its purpose, with no evidence of prompt injection, data exfiltration, or other malicious activities.
能力评估
Purpose & Capability
Name, description, and bundled scripts (browse.py, login_session.py, setup.sh) consistently implement an anti-detect Firefox-based automation workflow: creating a venv, installing a Python package named 'camoufox', running a browser with persistent profile and VNC/Xvfb support. However the skill metadata lacks a homepage or source repo for the camoufox package and the registry owner is opaque, which reduces transparency and raises concern about the origin of the code being installed.
Instruction Scope
SKILL.md instructs the user to run scripts/setup.sh which performs system installs and pip install without verification, and to use VNC for manual CAPTCHA/login flows. The runtime instructions explicitly persist session state and user profiles (~/.openclaw/camoufox-profile), which will store cookies/tokens and could contain credentials. While these behaviors are coherent with the stated goal (persistent sessions, manual login), they expand the attack surface (saved sessions + interactive VNC login) and enable credential capture if misused or if the installed package is malicious.
Install Mechanism
There is no packaged install spec; the provided setup.sh uses pip install camoufox (un-pinned, no hash) and may run sudo apt install for system deps. Installing an unverified PyPI package and running system package installs via sudo is moderate-to-high risk because the package origin/version are not pinned and install-time code can execute. There are no downloads from arbitrary URLs, but lack of a repository/homepage makes verifying the package contents difficult.
Credentials
The skill does not request cloud credentials or environment variables in metadata, which is appropriate. It does create and use local directories and a venv in the user's home by default, and accepts proxy strings (including credentials) at runtime. The main proportional concern is that persisted profiles will hold cookies/session tokens — appropriate for the feature but sensitive in practice.
Persistence & Privilege
The skill is not force-enabled (always:false) and uses default autonomous invocation. It writes only to user-scoped paths (~/.openclaw/workspace and ~/.openclaw/camoufox-profile) and creates a virtualenv. The setup script may call sudo to install system packages (apt/Xvfb), which requires elevated privileges at install time — expected for installing system-level deps but worth noting.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install camoufox - 安装完成后,直接呼叫该 Skill 的名称或使用
/camoufox触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of camoufox: stealthy browser automation for bot-protected sites.
- Provides anti-detect automation using a Firefox-based browser with OS/browser fingerprint spoofing.
- Enables human-like mouse movements and persistent sessions for enhanced stealth.
- Designed for use in environments with heavy bot detection such as X/Twitter and Naver.
- Includes setup scripts, persistent profile/session handling, and manual CAPTCHA resolution instructions.
元数据
常见问题
Camoufox 是什么?
Anti-detect browser automation using Camoufox (Firefox-based). Use instead of Chrome/Playwright for bot-detection-heavy sites like X/Twitter, Naver, and other protected sites. Provides stealth browsing with OS/browser fingerprint spoofing, humanized mouse movements, and persistent sessions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2920 次。
如何安装 Camoufox?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install camoufox」即可一键安装,无需额外配置。
Camoufox 是免费的吗?
是的,Camoufox 完全免费(开源免费),可自由下载、安装和使用。
Camoufox 支持哪些平台?
Camoufox 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Camoufox?
由 GoodGoodJM(@goodgoodjm)开发并维护,当前版本 v1.0.0。
推荐 Skills