Browser (openclaw-managed)
OpenClaw can run a dedicated Chrome/Brave/Edge/Chromium profile that the agent controls. It is isolated from your personal browser and is managed through a small local control service inside the Gateway (loopback only). Beginner view:- Think of it as a separate, agent-only browser.
- The
openclawprofile does not touch your personal browser profile. - The agent can open tabs, read pages, click, and type in a safe lane.
- The built-in
userprofile attaches to your real signed-in Chrome session via Chrome MCP.
What you get
- A separate browser profile named openclaw (orange accent by default).
- Deterministic tab control (list/open/focus/close).
- Agent actions (click/type/drag/select), snapshots, screenshots, PDFs.
- Optional multi-profile support (
openclaw,work,remote, …).
Quick start
Profiles: openclaw vs user
openclaw: managed, isolated browser (no extension required).user: built-in Chrome MCP attach profile for your real signed-in Chrome session.
- Default: use the isolated
openclawbrowser. - Prefer
profile="user"when existing logged-in sessions matter and the user is at the computer to click/approve any attach prompt. profileis the explicit override when you want a specific browser mode.
browser.defaultProfile: "openclaw" if you want managed mode by default.
Configuration
Browser settings live in~/.openclaw/openclaw.json.
- The browser control service binds to loopback on a port derived from
gateway.port(default:18791, which is gateway + 2). - If you override the Gateway port (
gateway.portorOPENCLAW_GATEWAY_PORT), the derived browser ports shift to stay in the same “family”. cdpUrldefaults to the managed local CDP port when unset.remoteCdpTimeoutMsapplies to remote (non-loopback) CDP reachability checks.remoteCdpHandshakeTimeoutMsapplies to remote CDP WebSocket reachability checks.- Browser navigation/open-tab is SSRF-guarded before navigation and best-effort re-checked on final
http(s)URL after navigation. - In strict SSRF mode, remote CDP endpoint discovery/probes (
cdpUrl, including/json/versionlookups) are checked too. browser.ssrfPolicy.dangerouslyAllowPrivateNetworkdefaults totrue(trusted-network model). Set it tofalsefor strict public-only browsing.browser.ssrfPolicy.allowPrivateNetworkremains supported as a legacy alias for compatibility.attachOnly: truemeans “never launch a local browser; only attach if it is already running.”color+ per-profilecolortint the browser UI so you can see which profile is active.- Default profile is
openclaw(OpenClaw-managed standalone browser). UsedefaultProfile: "user"to opt into the signed-in user browser. - Auto-detect order: system default browser if Chromium-based; otherwise Chrome → Brave → Edge → Chromium → Chrome Canary.
- Local
openclawprofiles auto-assigncdpPort/cdpUrl— set those only for remote CDP. driver: "existing-session"uses Chrome DevTools MCP instead of raw CDP. Do not setcdpUrlfor that driver.
Use Brave (or another Chromium-based browser)
If your system default browser is Chromium-based (Chrome/Brave/Edge/etc), OpenClaw uses it automatically. Setbrowser.executablePath to override
auto-detection:
CLI example:
Local vs remote control
- Local control (default): the Gateway starts the loopback control service and can launch a local browser.
- Remote control (node host): run a node host on the machine that has the browser; the Gateway proxies browser actions to it.
- Remote CDP: set
browser.profiles.<name>.cdpUrl(orbrowser.cdpUrl) to attach to a remote Chromium-based browser. In this case, OpenClaw will not launch a local browser.
- Query tokens (e.g.,
https://provider.example?token=<token>) - HTTP Basic auth (e.g.,
https://user:pass@provider.example)
/json/* endpoints and when connecting
to the CDP WebSocket. Prefer environment variables or secrets managers for
tokens instead of committing them to config files.
Node browser proxy (zero-config default)
If you run a node host on the machine that has your browser, OpenClaw can auto-route browser tool calls to that node without any extra browser config. This is the default path for remote gateways. Notes:- The node host exposes its local browser control server via a proxy command.
- Profiles come from the node’s own
browser.profilesconfig (same as local). - Disable if you don’t want it:
- On the node:
nodeHost.browserProxy.enabled=false - On the gateway:
gateway.nodes.browser.mode="off"
- On the node:
Browserless (hosted remote CDP)
Browserless is a hosted Chromium service that exposes CDP endpoints over HTTPS. You can point a OpenClaw browser profile at a Browserless region endpoint and authenticate with your API key. Example:- Replace
<BROWSERLESS_API_KEY>with your real Browserless token. - Choose the region endpoint that matches your Browserless account (see their docs).
Direct WebSocket CDP providers
Some hosted browser services expose a direct WebSocket endpoint rather than the standard HTTP-based CDP discovery (/json/version). OpenClaw supports both:
- HTTP(S) endpoints (e.g. Browserless) — OpenClaw calls
/json/versionto discover the WebSocket debugger URL, then connects. - WebSocket endpoints (
ws:///wss://) — OpenClaw connects directly, skipping/json/version. Use this for services like Browserbase or any provider that hands you a WebSocket URL.
Browserbase
Browserbase is a cloud platform for running headless browsers with built-in CAPTCHA solving, stealth mode, and residential proxies.- Sign up and copy your API Key from the Overview dashboard.
- Replace
<BROWSERBASE_API_KEY>with your real Browserbase API key. - Browserbase auto-creates a browser session on WebSocket connect, so no manual session creation step is needed.
- The free tier allows one concurrent session and one browser hour per month. See pricing for paid plan limits.
- See the Browserbase docs for full API reference, SDK guides, and integration examples.
Security
Key ideas:- Browser control is loopback-only; access flows through the Gateway’s auth or node pairing.
- If browser control is enabled and no auth is configured, OpenClaw auto-generates
gateway.auth.tokenon startup and persists it to config. - Keep the Gateway and any node hosts on a private network (Tailscale); avoid public exposure.
- Treat remote CDP URLs/tokens as secrets; prefer env vars or a secrets manager.
- Prefer encrypted endpoints (HTTPS or WSS) and short-lived tokens where possible.
- Avoid embedding long-lived tokens directly in config files.
Profiles (multi-browser)
OpenClaw supports multiple named profiles (routing configs). Profiles can be:- openclaw-managed: a dedicated Chromium-based browser instance with its own user data directory + CDP port
- remote: an explicit CDP URL (Chromium-based browser running elsewhere)
- existing session: your existing Chrome profile via Chrome DevTools MCP auto-connect
- The
openclawprofile is auto-created if missing. - The
userprofile is built-in for Chrome MCP existing-session attach. - Existing-session profiles are opt-in beyond
user; create them with--driver existing-session. - Local CDP ports allocate from 18800–18899 by default.
- Deleting a profile moves its local data directory to Trash.
?profile=<name>; the CLI uses --browser-profile.
Chrome existing-session via MCP
OpenClaw can also attach to a running Chrome profile through the official Chrome DevTools MCP server. This reuses the tabs and login state already open in that Chrome profile. Official background and setup references: Built-in profile:user
- Open
chrome://inspect/#remote-debugging - Enable remote debugging
- Keep Chrome running and approve the connection prompt when OpenClaw attaches
statusshowsdriver: existing-sessionstatusshowstransport: chrome-mcpstatusshowsrunning: truetabslists your already-open Chrome tabssnapshotreturns refs from the selected live tab
- Chrome is version
144+ - remote debugging is enabled at
chrome://inspect/#remote-debugging - Chrome showed and you accepted the attach consent prompt
openclaw doctormigrates old extension-based browser config and checks that Chrome is installed locally with a compatible version, but it cannot enable Chrome-side remote debugging for you
- Use
profile="user"when you need the user’s logged-in browser state. - If you use a custom existing-session profile, pass that explicit profile name.
- Only choose this mode when the user is at the computer to approve the attach prompt.
- the Gateway or node host can spawn
npx chrome-devtools-mcp@latest --autoConnect
- This path is higher-risk than the isolated
openclawprofile because it can act inside your signed-in browser session. - OpenClaw does not launch Chrome for this driver; it attaches to an existing session only.
- OpenClaw uses the official Chrome DevTools MCP
--autoConnectflow here, not the legacy default-profile remote debugging port workflow. - Existing-session screenshots support page captures and
--refelement captures from snapshots, but not CSS--elementselectors. - Existing-session
wait --urlsupports exact, substring, and glob patterns like other browser drivers.wait --load networkidleis not supported yet. - Some features still require the managed browser path, such as PDF export and download interception.
- Existing-session is host-local. If Chrome lives on a different machine or a different network namespace, use remote CDP or a node host instead.
Isolation guarantees
- Dedicated user data dir: never touches your personal browser profile.
- Dedicated ports: avoids
9222to prevent collisions with dev workflows. - Deterministic tab control: target tabs by
targetId, not “last tab”.
Browser selection
When launching locally, OpenClaw picks the first available:- Chrome
- Brave
- Edge
- Chromium
- Chrome Canary
browser.executablePath.
Platforms:
- macOS: checks
/Applicationsand~/Applications. - Linux: looks for
google-chrome,brave,microsoft-edge,chromium, etc. - Windows: checks common install locations.
Control API (optional)
For local integrations only, the Gateway exposes a small loopback HTTP API:- Status/start/stop:
GET /,POST /start,POST /stop - Tabs:
GET /tabs,POST /tabs/open,POST /tabs/focus,DELETE /tabs/:targetId - Snapshot/screenshot:
GET /snapshot,POST /screenshot - Actions:
POST /navigate,POST /act - Hooks:
POST /hooks/file-chooser,POST /hooks/dialog - Downloads:
POST /download,POST /wait/download - Debugging:
GET /console,POST /pdf - Debugging:
GET /errors,GET /requests,POST /trace/start,POST /trace/stop,POST /highlight - Network:
POST /response/body - State:
GET /cookies,POST /cookies/set,POST /cookies/clear - State:
GET /storage/:kind,POST /storage/:kind/set,POST /storage/:kind/clear - Settings:
POST /set/offline,POST /set/headers,POST /set/credentials,POST /set/geolocation,POST /set/media,POST /set/timezone,POST /set/locale,POST /set/device
?profile=<name>.
If gateway auth is configured, browser HTTP routes require auth too:
Authorization: Bearer <gateway token>x-openclaw-password: <gateway password>or HTTP Basic auth with that password
Playwright requirement
Some features (navigate/act/AI snapshot/role snapshot, element screenshots, PDF) require Playwright. If Playwright isn’t installed, those endpoints return a clear 501 error. ARIA snapshots and basic screenshots still work for openclaw-managed Chrome. If you seePlaywright is not available in this gateway build, install the full
Playwright package (not playwright-core) and restart the gateway, or reinstall
OpenClaw with browser support.
Docker Playwright install
If your Gateway runs in Docker, avoidnpx playwright (npm override conflicts).
Use the bundled CLI instead:
PLAYWRIGHT_BROWSERS_PATH (for example,
/home/node/.cache/ms-playwright) and make sure /home/node is persisted via
OPENCLAW_HOME_VOLUME or a bind mount. See Docker.
How it works (internal)
High-level flow:- A small control server accepts HTTP requests.
- It connects to Chromium-based browsers (Chrome/Brave/Edge/Chromium) via CDP.
- For advanced actions (click/type/snapshot/PDF), it uses Playwright on top of CDP.
- When Playwright is missing, only non-Playwright operations are available.
CLI quick reference
All commands accept--browser-profile <name> to target a specific profile.
All commands also accept --json for machine-readable output (stable payloads).
Basics:
openclaw browser statusopenclaw browser startopenclaw browser stopopenclaw browser tabsopenclaw browser tabopenclaw browser tab newopenclaw browser tab select 2openclaw browser tab close 2openclaw browser open https://example.comopenclaw browser focus abcd1234openclaw browser close abcd1234
openclaw browser screenshotopenclaw browser screenshot --full-pageopenclaw browser screenshot --ref 12openclaw browser screenshot --ref e12openclaw browser snapshotopenclaw browser snapshot --format aria --limit 200openclaw browser snapshot --interactive --compact --depth 6openclaw browser snapshot --efficientopenclaw browser snapshot --labelsopenclaw browser snapshot --selector "#main" --interactiveopenclaw browser snapshot --frame "iframe#main" --interactiveopenclaw browser console --level erroropenclaw browser errors --clearopenclaw browser requests --filter api --clearopenclaw browser pdfopenclaw browser responsebody "**/api" --max-chars 5000
openclaw browser navigate https://example.comopenclaw browser resize 1280 720openclaw browser click 12 --doubleopenclaw browser click e12 --doubleopenclaw browser type 23 "hello" --submitopenclaw browser press Enteropenclaw browser hover 44openclaw browser scrollintoview e12openclaw browser drag 10 11openclaw browser select 9 OptionA OptionBopenclaw browser download e12 report.pdfopenclaw browser waitfordownload report.pdfopenclaw browser upload /tmp/openclaw/uploads/file.pdfopenclaw browser fill --fields '[{"ref":"1","type":"text","value":"Ada"}]'openclaw browser dialog --acceptopenclaw browser wait --text "Done"openclaw browser wait "#main" --url "**/dash" --load networkidle --fn "window.ready===true"openclaw browser evaluate --fn '(el) => el.textContent' --ref 7openclaw browser highlight e12openclaw browser trace startopenclaw browser trace stop
openclaw browser cookiesopenclaw browser cookies set session abc123 --url "https://example.com"openclaw browser cookies clearopenclaw browser storage local getopenclaw browser storage local set theme darkopenclaw browser storage session clearopenclaw browser set offline onopenclaw browser set headers --headers-json '{"X-Debug":"1"}'openclaw browser set credentials user passopenclaw browser set credentials --clearopenclaw browser set geo 37.7749 -122.4194 --origin "https://example.com"openclaw browser set geo --clearopenclaw browser set media darkopenclaw browser set timezone America/New_Yorkopenclaw browser set locale en-USopenclaw browser set device "iPhone 14"
uploadanddialogare arming calls; run them before the click/press that triggers the chooser/dialog.- Download and trace output paths are constrained to OpenClaw temp roots:
- traces:
/tmp/openclaw(fallback:${os.tmpdir()}/openclaw) - downloads:
/tmp/openclaw/downloads(fallback:${os.tmpdir()}/openclaw/downloads)
- traces:
- Upload paths are constrained to an OpenClaw temp uploads root:
- uploads:
/tmp/openclaw/uploads(fallback:${os.tmpdir()}/openclaw/uploads)
- uploads:
uploadcan also set file inputs directly via--input-refor--element.snapshot:--format ai(default when Playwright is installed): returns an AI snapshot with numeric refs (aria-ref="<n>").--format aria: returns the accessibility tree (no refs; inspection only).--efficient(or--mode efficient): compact role snapshot preset (interactive + compact + depth + lower maxChars).- Config default (tool/CLI only): set
browser.snapshotDefaults.mode: "efficient"to use efficient snapshots when the caller does not pass a mode (see Gateway configuration). - Role snapshot options (
--interactive,--compact,--depth,--selector) force a role-based snapshot with refs likeref=e12. --frame "<iframe selector>"scopes role snapshots to an iframe (pairs with role refs likee12).--interactiveoutputs a flat, easy-to-pick list of interactive elements (best for driving actions).--labelsadds a viewport-only screenshot with overlayed ref labels (printsMEDIA:<path>).
click/type/etc require areffromsnapshot(either numeric12or role refe12). CSS selectors are intentionally not supported for actions.
Snapshots and refs
OpenClaw supports two “snapshot” styles:-
AI snapshot (numeric refs):
openclaw browser snapshot(default;--format ai)- Output: a text snapshot that includes numeric refs.
- Actions:
openclaw browser click 12,openclaw browser type 23 "hello". - Internally, the ref is resolved via Playwright’s
aria-ref.
-
Role snapshot (role refs like
e12):openclaw browser snapshot --interactive(or--compact,--depth,--selector,--frame)- Output: a role-based list/tree with
[ref=e12](and optional[nth=1]). - Actions:
openclaw browser click e12,openclaw browser highlight e12. - Internally, the ref is resolved via
getByRole(...)(plusnth()for duplicates). - Add
--labelsto include a viewport screenshot with overlayede12labels.
- Output: a role-based list/tree with
- Refs are not stable across navigations; if something fails, re-run
snapshotand use a fresh ref. - If the role snapshot was taken with
--frame, role refs are scoped to that iframe until the next role snapshot.
Wait power-ups
You can wait on more than just time/text:- Wait for URL (globs supported by Playwright):
openclaw browser wait --url "**/dash"
- Wait for load state:
openclaw browser wait --load networkidle
- Wait for a JS predicate:
openclaw browser wait --fn "window.ready===true"
- Wait for a selector to become visible:
openclaw browser wait "#main"
Debug workflows
When an action fails (e.g. “not visible”, “strict mode violation”, “covered”):openclaw browser snapshot --interactive- Use
click <ref>/type <ref>(prefer role refs in interactive mode) - If it still fails:
openclaw browser highlight <ref>to see what Playwright is targeting - If the page behaves oddly:
openclaw browser errors --clearopenclaw browser requests --filter api --clear
- For deep debugging: record a trace:
openclaw browser trace start- reproduce the issue
openclaw browser trace stop(printsTRACE:<path>)
JSON output
--json is for scripting and structured tooling.
Examples:
refs plus a small stats block (lines/chars/refs/interactive) so tools can reason about payload size and density.
State and environment knobs
These are useful for “make the site behave like X” workflows:- Cookies:
cookies,cookies set,cookies clear - Storage:
storage local|session get|set|clear - Offline:
set offline on|off - Headers:
set headers --headers-json '{"X-Debug":"1"}'(legacyset headers --json '{"X-Debug":"1"}'remains supported) - HTTP basic auth:
set credentials user pass(or--clear) - Geolocation:
set geo <lat> <lon> --origin "https://example.com"(or--clear) - Media:
set media dark|light|no-preference|none - Timezone / locale:
set timezone ...,set locale ... - Device / viewport:
set device "iPhone 14"(Playwright device presets)set viewport 1280 720
Security & privacy
- The openclaw browser profile may contain logged-in sessions; treat it as sensitive.
browser act kind=evaluate/openclaw browser evaluateandwait --fnexecute arbitrary JavaScript in the page context. Prompt injection can steer this. Disable it withbrowser.evaluateEnabled=falseif you do not need it.- For logins and anti-bot notes (X/Twitter, etc.), see Browser login + X/Twitter posting.
- Keep the Gateway/node host private (loopback or tailnet-only).
- Remote CDP endpoints are powerful; tunnel and protect them.
Troubleshooting
For Linux-specific issues (especially snap Chromium), see Browser troubleshooting. For WSL2 Gateway + Windows Chrome split-host setups, see WSL2 + Windows + remote Chrome CDP troubleshooting.Agent tools + how control works
The agent gets one tool for browser automation:browser— status/start/stop/tabs/open/focus/close/snapshot/screenshot/navigate/act
browser snapshotreturns a stable UI tree (AI or ARIA).browser actuses the snapshotrefIDs to click/type/drag/select.browser screenshotcaptures pixels (full page or element).browseraccepts:profileto choose a named browser profile (openclaw, chrome, or remote CDP).target(sandbox|host|node) to select where the browser lives.- In sandboxed sessions,
target: "host"requiresagents.defaults.sandbox.browser.allowHostControl=true. - If
targetis omitted: sandboxed sessions default tosandbox, non-sandbox sessions default tohost. - If a browser-capable node is connected, the tool may auto-route to it unless you pin
target="host"ortarget="node".