Use Camofox/Camoufox as an opt-in anti-detection browser server for agent workflows that need cloaked browsing. Covers npm/npx startup, OpenClaw plugin tools...
Security Analysis
high confidenceThis skill is a disclosed guide for using a local Camofox anti-detection browser server, with sensitive browser features documented rather than hidden.
The skill enables cloaked browser automation, including navigation, clicking, typing, JavaScript evaluation, cookie import, proxies, and session handling; these are high-impact browser capabilities but they match the stated purpose.
The instructions repeatedly limit use to cases where Camofox is warranted, require health checks and userId/session scoping, warn against global Hermes CAMOFOX_URL routing, and recommend closing tabs when done.
The skill itself contains only markdown, but its documented runtime uses the @askjo/camofox-browser npm package and downloads a Camoufox browser binary on first install/run; this is disclosed and expected for the browser server purpose.
Node, npm, curl, local network service access, optional API keys, proxy settings, cookie/profile directories, and telemetry controls are proportionate for this tool, but users should treat browser sessions and cookie import as sensitive.
Session/profile persistence, trace/cookie directories, optional auto-start plugin configuration, and upstream crash/hang telemetry are documented; no hidden persistence, privilege escalation, destructive behavior, or credential harvesting appears in the artifacts.
Guidance
Install only if you actually need cloaked browser automation. Keep the server on localhost unless you configure CAMOFOX_ACCESS_KEY, avoid importing cookies unless necessary, do not set CAMOFOX_URL globally in Hermes, and set CAMOFOX_CRASH_REPORT_ENABLED=false for privacy-sensitive browsing.
Latest Release
v1.3.3
Manual update from latest local SKILL.md. Keeps CAMOFOX_API_KEY optional and clarifies it is only for sensitive endpoints, not normal browsing.
More by @tmchow
Published by @tmchow on ClawHub
