← 返回 Skills 市场
shenzheng9527

Server Browser Automation

作者 shenzheng9527 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
232
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install server-browser-automation
功能描述
在无桌面 Ubuntu 服务器上通过 XFCE 虚拟桌面和 Chrome 远程调试实现浏览器自动化及持久登录状态管理。
安全使用建议
This package appears to implement what it claims (VNC/XFCE + Chrome remote debugging for OpenClaw), but there are important practical issues to review before installing: - The install.sh requires root/sudo and then uses whoami to decide which home directory to configure. If you run it with sudo it will configure root's home (~root) rather than your normal user. Prefer to run as root only if you intend the service for root, or modify the script to use SUDO_USER (or pass an explicit TARGET_USER) so configuration goes into the intended account. - The start-chrome.sh template uses a literal $(whoami) within a single-quoted here-doc; verify the produced script's paths match the actual user who will run it. - The installer will add system packages and the Google Chrome apt repo and start services that listen on network ports (VNC 5901, Chrome remote debugging 18800). Do not expose VNC or Chrome debugging ports to the public internet — use SSH tunnels, noVNC behind authentication, or firewall rules. - Back up ~/.openclaw/openclaw.json if present (the script does create a backup) and inspect changes the script will make. Consider running this in a disposable VM/container first rather than on a production server. - If you need the skill to run for a non-root user, edit install.sh to set VNC_USER from SUDO_USER (fallback to a provided username) and ensure file ownerships and paths are correct. If you want, I can point out the exact lines in install.sh to change (SUDO_USER handling and here-doc quoting) and draft a safer variant of the installer that targets a specific non-root user and doesn't rely on apt-key add.
功能分析
Type: OpenClaw Skill Name: server-browser-automation Version: 1.0.0 The skill automates the setup of a VNC-based browser environment on headless servers, which involves high-risk security configurations. Specifically, `install.sh` and `SKILL.md` configure Google Chrome to run with the `--no-sandbox` flag and expose a remote debugging port (18800), which could allow unauthorized remote control if the server is not properly firewalled. While these actions are aligned with the stated purpose of browser automation, they introduce significant security vulnerabilities by bypassing standard browser isolation and exposing a control interface.
能力评估
Purpose & Capability
The skill's name/description (server-side browser automation with persistent Chrome user data) aligns with the SKILL.md and install.sh actions (install XFCE, VNC, Chrome, configure OpenClaw). However the installer forces root execution and then configures files in the invoking account's home using whoami; in practice this script will configure root's home (or otherwise mis-target user home), which contradicts many examples in SKILL.md that reference a non-root user's /home/your_user paths. This mismatch is a coherence issue that can cause unintended root-scoped configuration.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs installing desktop/VNC, starting Chrome with remote debugging, and doing a manual login so cookies persist. It does instruct the operator to log in to third-party sites (Douyin, Weibo, Twitter) and rely on persistent user-data directories; this gives the agent/local processes access to session cookies and site data, which is intended but should be understood by the user. No instructions reference exfiltration endpoints or unrelated system data.
Install Mechanism
There is no packaged install spec; the provided install.sh performs apt installs and adds Google's Chrome apt repository via dl.google.com (official). Using apt-key add is deprecated but not unusual. The script needs root/sudo and installs system packages — appropriate for this task but high-impact because it modifies system packages and services.
Credentials
The skill declares no environment variables or external credentials, which is consistent with its function. The concern is the required privilege level: the installer demands root/sudo and then uses whoami to derive the target user/home, causing the configuration to target root rather than an unprivileged user in common usage. This is disproportionate in the sense of unexpected scope for a user who intended to install for a regular account. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does, however, perform system-wide changes (apt installs, adding repo, creating /root or a user's ~/.vnc and ~/.openclaw config) which are persistent and require root. That level of system persistence is expected for installing desktop/VNC on a server but should be accepted consciously by the operator.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install server-browser-automation
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /server-browser-automation 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: browser automation solution for headless Ubuntu servers. - Provides full OpenClaw browser automation with Chrome in a virtual XFCE desktop via VNC. - Supports persistent logins with user profile modes (cookie persistence). - Allows AI to operate and automate websites requiring authentication. - Includes step-by-step installation (one-click and manual), configuration, troubleshooting, and usage instructions. - Suitable for data scraping, automated testing, scheduled jobs, and batch operations on login-required websites.
元数据
Slug server-browser-automation
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Server Browser Automation 是什么?

在无桌面 Ubuntu 服务器上通过 XFCE 虚拟桌面和 Chrome 远程调试实现浏览器自动化及持久登录状态管理。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 232 次。

如何安装 Server Browser Automation?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install server-browser-automation」即可一键安装,无需额外配置。

Server Browser Automation 是免费的吗?

是的,Server Browser Automation 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Server Browser Automation 支持哪些平台?

Server Browser Automation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Server Browser Automation?

由 shenzheng9527(@shenzheng9527)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论