← Back to Skills Marketplace
shenzheng9527

Server Browser Automation

by shenzheng9527 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
232
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install server-browser-automation
Description
在无桌面 Ubuntu 服务器上通过 XFCE 虚拟桌面和 Chrome 远程调试实现浏览器自动化及持久登录状态管理。
Usage Guidance
This package appears to implement what it claims (VNC/XFCE + Chrome remote debugging for OpenClaw), but there are important practical issues to review before installing: - The install.sh requires root/sudo and then uses whoami to decide which home directory to configure. If you run it with sudo it will configure root's home (~root) rather than your normal user. Prefer to run as root only if you intend the service for root, or modify the script to use SUDO_USER (or pass an explicit TARGET_USER) so configuration goes into the intended account. - The start-chrome.sh template uses a literal $(whoami) within a single-quoted here-doc; verify the produced script's paths match the actual user who will run it. - The installer will add system packages and the Google Chrome apt repo and start services that listen on network ports (VNC 5901, Chrome remote debugging 18800). Do not expose VNC or Chrome debugging ports to the public internet — use SSH tunnels, noVNC behind authentication, or firewall rules. - Back up ~/.openclaw/openclaw.json if present (the script does create a backup) and inspect changes the script will make. Consider running this in a disposable VM/container first rather than on a production server. - If you need the skill to run for a non-root user, edit install.sh to set VNC_USER from SUDO_USER (fallback to a provided username) and ensure file ownerships and paths are correct. If you want, I can point out the exact lines in install.sh to change (SUDO_USER handling and here-doc quoting) and draft a safer variant of the installer that targets a specific non-root user and doesn't rely on apt-key add.
Capability Analysis
Type: OpenClaw Skill Name: server-browser-automation Version: 1.0.0 The skill automates the setup of a VNC-based browser environment on headless servers, which involves high-risk security configurations. Specifically, `install.sh` and `SKILL.md` configure Google Chrome to run with the `--no-sandbox` flag and expose a remote debugging port (18800), which could allow unauthorized remote control if the server is not properly firewalled. While these actions are aligned with the stated purpose of browser automation, they introduce significant security vulnerabilities by bypassing standard browser isolation and exposing a control interface.
Capability Assessment
Purpose & Capability
The skill's name/description (server-side browser automation with persistent Chrome user data) aligns with the SKILL.md and install.sh actions (install XFCE, VNC, Chrome, configure OpenClaw). However the installer forces root execution and then configures files in the invoking account's home using whoami; in practice this script will configure root's home (or otherwise mis-target user home), which contradicts many examples in SKILL.md that reference a non-root user's /home/your_user paths. This mismatch is a coherence issue that can cause unintended root-scoped configuration.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs installing desktop/VNC, starting Chrome with remote debugging, and doing a manual login so cookies persist. It does instruct the operator to log in to third-party sites (Douyin, Weibo, Twitter) and rely on persistent user-data directories; this gives the agent/local processes access to session cookies and site data, which is intended but should be understood by the user. No instructions reference exfiltration endpoints or unrelated system data.
Install Mechanism
There is no packaged install spec; the provided install.sh performs apt installs and adds Google's Chrome apt repository via dl.google.com (official). Using apt-key add is deprecated but not unusual. The script needs root/sudo and installs system packages — appropriate for this task but high-impact because it modifies system packages and services.
Credentials
The skill declares no environment variables or external credentials, which is consistent with its function. The concern is the required privilege level: the installer demands root/sudo and then uses whoami to derive the target user/home, causing the configuration to target root rather than an unprivileged user in common usage. This is disproportionate in the sense of unexpected scope for a user who intended to install for a regular account. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does, however, perform system-wide changes (apt installs, adding repo, creating /root or a user's ~/.vnc and ~/.openclaw config) which are persistent and require root. That level of system persistence is expected for installing desktop/VNC on a server but should be accepted consciously by the operator.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install server-browser-automation
  3. After installation, invoke the skill by name or use /server-browser-automation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: browser automation solution for headless Ubuntu servers. - Provides full OpenClaw browser automation with Chrome in a virtual XFCE desktop via VNC. - Supports persistent logins with user profile modes (cookie persistence). - Allows AI to operate and automate websites requiring authentication. - Includes step-by-step installation (one-click and manual), configuration, troubleshooting, and usage instructions. - Suitable for data scraping, automated testing, scheduled jobs, and batch operations on login-required websites.
Metadata
Slug server-browser-automation
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Server Browser Automation?

在无桌面 Ubuntu 服务器上通过 XFCE 虚拟桌面和 Chrome 远程调试实现浏览器自动化及持久登录状态管理。 It is an AI Agent Skill for Claude Code / OpenClaw, with 232 downloads so far.

How do I install Server Browser Automation?

Run "/install server-browser-automation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Server Browser Automation free?

Yes, Server Browser Automation is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Server Browser Automation support?

Server Browser Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Server Browser Automation?

It is built and maintained by shenzheng9527 (@shenzheng9527); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments