Community code plugin. Review compatibility and verification before install.
Latest release: v1.2.1
Security Scan
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The stated package purpose includes search and browser automation, and the artifacts do disclose CDP, Playwright, stealth search, screenshots, form filling, and real/headless Chrome control. The concern is the breadth: arbitrary page JavaScript, click/fill/upload actions, screenshots/PDF export, tab control, and Cloudflare-bypass behavior are high-impact capabilities with little built-in containment.
Instruction Scope
SKILL.md and the generated TOOLS.md block broadly instruct agents to avoid native web/browser tools and use terminal exec/run_command for almost all web tasks. They do not require user confirmation before state-changing browser actions, uploads, screenshots, or arbitrary page-context JavaScript.
Install Mechanism
The plugin is enabled on startup and code modifies Dockerfile, entrypoint.sh, docker-compose.yml, and .openclaw/openclaw.json to install/run Chromium, expose CDP on port 9222, and add host.docker.internal access. Those changes are disclosed in part, but are automatic and lack an explicit diff/approval/rollback step.
Credentials
On startup it copies executable helper scripts and skill instructions into every configured agent workspace and patches each workspace's TOOLS.md. Cross-agent instruction and workspace modification is broader than necessary for a single browser/search plugin.
Persistence & Privilege
The package creates persistent workspace files, plugin-skills entries, TOOLS.md managed blocks, browser configuration, Docker/runtime changes, and a CDP-accessible browser service. It also chmods plugin files and can bridge local files into web sessions via upload and page contents into local files via screenshot/PDF.
Scan Findings in Context
[VirusTotal] expected: VirusTotal telemetry is clean and does not support a malicious verdict.
[staticScan] expected: The static scan reported clean, but manual artifact review found high-impact behavior that the static scan did not flag.
[LP3] unexpected: Verified that the skill tells agents to invoke shell/terminal commands for search and browsing rather than exposing narrowly scoped OpenClaw tools. Command-backed helpers are coherent for a code plugin, but the broad mandatory exec path is under-scoped.
[TP4] expected: Downgraded in part: the manifest and README do disclose browser automation, CDP, stealth search, and real/headless Chrome. The remaining concern is not hidden malware, but the high-impact scope and lack of action-level controls.
[SDI-1] expected: Browser automation, CDP connection, Playwright/Chromium setup, and stealth search are real and largely disclosed by the package name, manifest, and README, so this is not a simple undisclosed search-only package.
[SDI-2] unexpected: Accepted as a material Review concern where it covers automatic Docker/runtime patching, host CDP forwarding, cross-workspace script copying, TOOLS.md patching, arbitrary page JavaScript, form actions, uploads, and local screenshot/PDF writes without clear user-directed approval.
[SQP-1] unexpected: Verified that the skill's activation guidance is broad and pushes use of the high-privilege terminal/browser path for routine online lookup requests.
[SQP-2] unexpected: Verified that the docs list powerful browser actions but do not provide adequate privacy, credential, authenticated-session, consent, or state-change warnings.
What to consider before installing
Install only if you intentionally want an agent to control a Chromium/Chrome browser and modify OpenClaw workspaces at startup. Review the generated Docker/runtime changes and workspace TOOLS.md edits first, use an isolated browser profile, avoid logged-in or sensitive sites, and do not allow arbitrary JavaScript, file uploads, screenshots, or form submissions unless you explicitly requested them.
OpenClaw Smart Search & Browser Automation Plugin 🌐
Consolidated, zero-token, Cloudflare-bypassing Smart Search and dynamic Browser CDP controller plugin for OpenClaw.
🚀 Features
- Smart Search (search-tool.js):
  - No API Key required, free of charge.
  - Bypasses Cloudflare limits by using dynamic headless stealth Chromium.
  - DuckDuckGo / Google search aggregator.
- Browser Automation (browser-tool.js):
  - Advanced Chrome DevTools Protocol (CDP) client.
  - Control real desktop Chrome or container Chrome dynamically.
  - Capture screenshots, fill forms, execute JS snippets, scrape posts, extract clean inner text.
- Automated Provisioning:
  - Auto-copies search and browser tools, debugging scripts, and markdown guides (SKILL.md, BROWSER.md) into all active agents' workspace folders.
  - Dynamically patches TOOLS.md with system guidelines on boot.
📦 Installation
To install via ClawHub or directly into your OpenClaw plugins folder:
openclaw plugins install clawhub:openclaw-browser-automation
Or clone this repository into your .openclaw/extensions/ folder:
git clone https://github.com/tuanminhhole/openclaw-browser-automation.git .openclaw/extensions/browser-automation
🛠️ Usage
Once enabled, the plugin automatically provisions workspace scripts. The bot can execute commands via exec/terminal tools:
# 🔍 Stealth Search
node search-tool.js "latest gold prices" 5
# 🌐 Browser Automation
node browser-tool.js open "https://vnexpress.net"
node browser-tool.js get_text
node browser-tool.js screenshot
📄 License
MIT
