← Back to Skills Marketplace
kuo77122

Camofox Browser Remote

by kuo77122 · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
140
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install camofox-browser-remote
Description
Remote-mode anti-detection browser automation using Camoufox (Firefox fork with C++ fingerprint spoofing). Requires CAMOFOX_URL pointing to an externally-man...
README (SKILL.md)

Camofox Browser — Remote Mode (Docker / Shared Server)

Stealth browser automation via Camoufox. Drives an externally-managed server over HTTP — no install, no local Node process.

Setup (required)

export CAMOFOX_URL=http://172.17.0.1:9377   # required — no default

The server runs externally (Docker container, shared staging, CI). This skill only drives it. See references/docker.md for Docker networking details.

If camofox-remote is not found on PATH: set an alias using the script that ships with this skill. Replace \x3CSKILL_DIR> with the directory containing this SKILL.md file:

alias camofox-remote="bash \x3CSKILL_DIR>/scripts/camofox-remote.sh"

Example: if this SKILL.md is at ~/my-skills/camofox-browser-remote/SKILL.md, use ~/my-skills/camofox-browser-remote.

Trust requirement: Every command — page snapshots, screenshots, typed text, navigation history — is sent over HTTP to CAMOFOX_URL. Only point this at a server you own and control. Do not use a shared or third-party endpoint if you will visit sites with credentials or sensitive data.

Quick Start

camofox-remote open https://example.com      # Create tab + navigate
camofox-remote snapshot                      # Get page elements with @refs
camofox-remote click @e1                     # Click element
camofox-remote type @e2 "hello"              # Type text
camofox-remote screenshot                    # Save PNG
camofox-remote close                         # Close tab

Core Workflow

  1. Navigatecamofox-remote open \x3Curl>
  2. Snapshot — returns an accessibility tree with @e1, @e2 refs (~90% smaller than raw HTML)
  3. Interact — use refs to click, type, scroll
  4. Re-snapshot — after any DOM change, refs are invalidated; get fresh ones
  5. Repeat — the server stays running between commands
camofox-remote open https://example.com/search
camofox-remote snapshot
# @e1 [input] Search box  @e2 [button] Submit
camofox-remote type @e1 "camoufox anti-detection"
camofox-remote click @e2
camofox-remote snapshot                      # MUST re-snapshot after navigation

Commands (at a glance)

Category Commands
Server health, start (no-op — manage container externally), stop (no-op — manage container externally)
Navigation open \x3Curl>, navigate \x3Curl>, back, forward, refresh, scroll [down|up|left|right]
Page state snapshot, screenshot [path], tabs, links
Interaction click @eN, type @eN "text"
Search search google "query" (13 macros — see references/macros.md)
Session --session \x3Cname> \x3Ccmd>, close, close-all

Full reference with curl equivalents: references/commands.md.

Ref Lifecycle (critical)

Refs (@e1, @e2) are invalidated whenever the DOM changes. Always re-snapshot after:

  • Clicking links/buttons that navigate
  • Form submissions
  • Dynamic content loads (infinite scroll, SPA route change)

Environment Variables

Variable Default Meaning
CAMOFOX_URL REQUIRED Remote base URL — e.g. http://172.17.0.1:9377. No default.
CAMOFOX_SESSION default Default session name (isolated cookies/storage)
HTTPS_PROXY (unset) Outbound proxy for the browser

When to Use camofox-browser-remote vs agent-browser

Scenario Tool
Normal websites, no bot detection agent-browser (faster)
Cloudflare / Akamai protected camofox-browser-remote
Sites that block Chromium automation camofox-browser-remote
Need anti-fingerprinting camofox-browser-remote
Need iOS / mobile simulation agent-browser
Need video recording agent-browser

Deep-Dive References

File Load when
references/docker.md Docker setup, networking, compose example, CAMOFOX_URL configuration
references/commands.md Need exact args, output format, or curl equivalent of any command
references/api-reference.md Calling an endpoint the wrapper doesn't expose
references/macros.md Using search macros (@google_search, etc.)
references/troubleshooting.md Debugging failures (connect refused, stale refs, empty snapshots)

Ready-to-Use Templates

File Description
templates/stealth-scrape.sh Full anti-detection scrape (screenshot + snapshot + links)
templates/multi-session.sh Parallel URLs in isolated sessions

Cleanup

Always close when done:

camofox-remote close-all
camofox-remote stop    # no-op in remote mode; manage the container externally
Usage Guidance
Key things to consider before installing: (1) The SKILL.md requires CAMOFOX_URL but the registry metadata does not list any required env vars — ask the publisher to correct that. (2) This skill will send page snapshots, screenshots, typed text and navigation metadata to whatever CAMOFOX_URL you set — only point it at a server you control/trust (run your own Camofox container locally or in an isolated network). (3) Do not set CAMOFOX_URL to a third‑party or unknown endpoint if you will interact with credentials, personal data, or corporate sites. (4) Review scripts (scripts/camofox-remote.sh and templates) before aliasing or running them; they use curl and python3 to POST/GET data and write files to /tmp. (5) If you need to allow this skill to run autonomously, restrict network egress or run the agent in an environment where CAMOFOX_URL can only reach your controlled Camofox instance. (6) If the publisher cannot justify the metadata mismatch, treat the skill as untrusted until corrected.
Capability Analysis
Type: OpenClaw Skill Name: camofox-browser-remote Version: 1.0.2 The skill provides a remote browser automation interface using the Camoufox anti-detection browser, communicating with a user-defined endpoint via `CAMOFOX_URL`. It is classified as suspicious because it implements high-risk capabilities, including network communication with a remote API and the transmission of sensitive interaction data (keystrokes, snapshots, screenshots) to that endpoint, which are noted as risky behaviors in the evaluation criteria. Furthermore, the `scripts/camofox-remote.sh` script contains a vulnerability where JSON payloads for several commands (e.g., `open`, `navigate`, `scroll`) are constructed via manual string concatenation rather than safe serialization, potentially allowing for JSON injection if an attacker can influence the arguments passed to the agent. While these features are aligned with the stated goal of remote stealth browsing and the documentation includes security warnings, the combination of inherent risk and lack of robust input sanitization meets the threshold for a suspicious classification.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The SKILL.md and included scripts clearly require a CAMOFOX_URL (and optionally CAMOFOX_SESSION / HTTPS_PROXY), write state to /tmp, and drive an external browser over HTTP. But the registry metadata lists no required environment variables or primary credential — that is inconsistent. The code files and templates are consistent with the stated purpose (remote-mode browser automation), so the main coherence problem is the missing CAMOFOX_URL declaration in the metadata.
Instruction Scope
Runtime instructions and the script send snapshots, screenshots, typed text, tab IDs and navigation history to whatever CAMOFOX_URL is set to (via curl). The SKILL.md warns users to only point at a server they control, which is appropriate, but this behavior means pointing CAMOFOX_URL at an attacker-controlled host would exfiltrate sensitive browsing data. The scripts also read/write local state files (/tmp/camofox-state and /tmp/camofox-screenshots) and reference local paths in templates (e.g., $HOME/.claude/skills...), which is expected for this tool.
Install Mechanism
There is no install spec; the skill is instruction/script-based and runs local bash/python3/curl commands already present on the host. That is low-risk compared to downloading and executing remote archives. The bundle does include executable scripts and templates that will be run locally if invoked.
Credentials
The runtime requires CAMOFOX_URL (mandatory), CAMOFOX_SESSION (optional) and optionally HTTPS_PROXY, but the registry metadata omitted these requirements. No cloud credentials are requested (good), however the required CAMOFOX_URL grants the remote server full visibility into snapshots, screenshots, typed data and navigation — a high-sensitivity capability that must be justified and limited. The mismatch between declared and actual env requirements is unexpected and should be corrected.
Persistence & Privilege
The skill does not request always:true and is user-invocable; autonomous invocation is allowed by default. The script stores transient state and screenshots under /tmp which is normal for this use case. Because the agent can invoke skills autonomously, a compromised or malicious CAMOFOX_URL could be abused at runtime — but autonomous invocation alone is not a disqualifying issue.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install camofox-browser-remote
  3. After installation, invoke the skill by name or use /camofox-browser-remote
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added setup instructions for users who do not have camofox-remote on PATH, including how to set a Bash alias using the provided script. - No other changes detected.
v1.0.1
- Added a security warning emphasizing that all commands and page data are sent over HTTP to the server specified by CAMOFOX_URL, and should only be pointed at servers you own and control. - Updated the "Quick Start" and example workflows for clarity with more business-relevant site examples. - No functional or command changes.
v1.0.0
Initial public release of camofox-browser-remote. - Provides remote-mode browser automation using Camoufox, a Firefox fork with advanced fingerprint spoofing. - Designed to bypass bot detection systems like Cloudflare and Akamai; useful when conventional tools get blocked. - Requires a pre-configured remote server (e.g., Docker container) via CAMOFOX_URL. - Supports navigation, interaction (click, type), snapshots, screenshots, and session management over HTTP. - Includes concise setup instructions, command summaries, references, and troubleshooting tips.
Metadata
Slug camofox-browser-remote
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Camofox Browser Remote?

Remote-mode anti-detection browser automation using Camoufox (Firefox fork with C++ fingerprint spoofing). Requires CAMOFOX_URL pointing to an externally-man... It is an AI Agent Skill for Claude Code / OpenClaw, with 140 downloads so far.

How do I install Camofox Browser Remote?

Run "/install camofox-browser-remote" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Camofox Browser Remote free?

Yes, Camofox Browser Remote is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Camofox Browser Remote support?

Camofox Browser Remote is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Camofox Browser Remote?

It is built and maintained by kuo77122 (@kuo77122); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments