Browser (openclaw-managed)
OpenClaw can run a dedicated Chrome/Brave/Edge/Chromium profile that the agent controls. It is isolated from your personal browser and is managed through a small local control service inside the Gateway (loopback only). Beginner view:- Think of it as a separate, agent-only browser.
- The
openclawprofile does not touch your personal browser profile. - The agent can open tabs, read pages, click, and type in a safe lane.
- The built-in
userprofile attaches to your real signed-in Chrome session via Chrome MCP.
What you get
- A separate browser profile named openclaw (orange accent by default).
- Deterministic tab control (list/open/focus/close).
- Agent actions (click/type/drag/select), snapshots, screenshots, PDFs.
- Optional multi-profile support (
openclaw,work,remote, …).
Quick start
openclaw browser is missing entirely, or the agent says the browser tool
is unavailable, jump to Missing browser command or tool.
Plugin control
The defaultbrowser tool is now a bundled plugin that ships enabled by
default. That means you can disable or replace it without removing the rest of
OpenClaw’s plugin system:
browser tool name. The default browser experience needs both:
plugins.entries.browser.enablednot disabledbrowser.enabled=true
openclaw browser),
gateway method (browser.request), agent tool, and default browser control
service all disappear together. Your browser.* config stays intact for a
replacement plugin to reuse.
The bundled browser plugin also owns the browser runtime implementation now.
Core keeps only shared Plugin SDK helpers plus compatibility re-exports for
older internal import paths. In practice, removing or replacing the browser
plugin package removes the browser feature set instead of leaving a second
core-owned runtime behind.
Browser config changes still require a Gateway restart so the bundled plugin
can re-register its browser service with the new settings.
Missing browser command or tool
Ifopenclaw browser suddenly becomes an unknown command after an upgrade, or
the agent reports that the browser tool is missing, the most common cause is a
restrictive plugins.allow list that does not include browser.
Example broken config:
browser to the plugin allowlist:
browser.enabled=trueis not enough by itself whenplugins.allowis set.plugins.entries.browser.enabled=trueis also not enough by itself whenplugins.allowis set.tools.alsoAllow: ["browser"]does not load the bundled browser plugin. It only adjusts tool policy after the plugin is already loaded.- If you do not need a restrictive plugin allowlist, removing
plugins.allowalso restores the default bundled browser behavior.
openclaw browseris an unknown command.browser.requestis missing.- The agent reports the browser tool as unavailable or missing.
Profiles: openclaw vs user
openclaw: managed, isolated browser (no extension required).user: built-in Chrome MCP attach profile for your real signed-in Chrome session.
- Default: use the isolated
openclawbrowser. - Prefer
profile="user"when existing logged-in sessions matter and the user is at the computer to click/approve any attach prompt. profileis the explicit override when you want a specific browser mode.
browser.defaultProfile: "openclaw" if you want managed mode by default.
Configuration
Browser settings live in~/.openclaw/openclaw.json.
- The browser control service binds to loopback on a port derived from
gateway.port(default:18791, which is gateway + 2). - If you override the Gateway port (
gateway.portorOPENCLAW_GATEWAY_PORT), the derived browser ports shift to stay in the same “family”. cdpUrldefaults to the managed local CDP port when unset.remoteCdpTimeoutMsapplies to remote (non-loopback) CDP reachability checks.remoteCdpHandshakeTimeoutMsapplies to remote CDP WebSocket reachability checks.- Browser navigation/open-tab is SSRF-guarded before navigation and best-effort re-checked on final
http(s)URL after navigation. - In strict SSRF mode, remote CDP endpoint discovery/probes (
cdpUrl, including/json/versionlookups) are checked too. browser.ssrfPolicy.dangerouslyAllowPrivateNetworkdefaults totrue(trusted-network model). Set it tofalsefor strict public-only browsing.browser.ssrfPolicy.allowPrivateNetworkremains supported as a legacy alias for compatibility.attachOnly: truemeans “never launch a local browser; only attach if it is already running.”color+ per-profilecolortint the browser UI so you can see which profile is active.- Default profile is
openclaw(OpenClaw-managed standalone browser). UsedefaultProfile: "user"to opt into the signed-in user browser. - Auto-detect order: system default browser if Chromium-based; otherwise Chrome → Brave → Edge → Chromium → Chrome Canary.
- Local
openclawprofiles auto-assigncdpPort/cdpUrl— set those only for remote CDP. driver: "existing-session"uses Chrome DevTools MCP instead of raw CDP. Do not setcdpUrlfor that driver.- Set
browser.profiles.<name>.userDataDirwhen an existing-session profile should attach to a non-default Chromium user profile such as Brave or Edge.
Use Brave (or another Chromium-based browser)
If your system default browser is Chromium-based (Chrome/Brave/Edge/etc), OpenClaw uses it automatically. Setbrowser.executablePath to override
auto-detection:
CLI example:
Local vs remote control
- Local control (default): the Gateway starts the loopback control service and can launch a local browser.
- Remote control (node host): run a node host on the machine that has the browser; the Gateway proxies browser actions to it.
- Remote CDP: set
browser.profiles.<name>.cdpUrl(orbrowser.cdpUrl) to attach to a remote Chromium-based browser. In this case, OpenClaw will not launch a local browser.
- Query tokens (e.g.,
https://provider.example?token=<token>) - HTTP Basic auth (e.g.,
https://user:pass@provider.example)
/json/* endpoints and when connecting
to the CDP WebSocket. Prefer environment variables or secrets managers for
tokens instead of committing them to config files.
Node browser proxy (zero-config default)
If you run a node host on the machine that has your browser, OpenClaw can auto-route browser tool calls to that node without any extra browser config. This is the default path for remote gateways. Notes:- The node host exposes its local browser control server via a proxy command.
- Profiles come from the node’s own
browser.profilesconfig (same as local). nodeHost.browserProxy.allowProfilesis optional. Leave it empty for the legacy/default behavior: all configured profiles remain reachable through the proxy, including profile create/delete routes.- If you set
nodeHost.browserProxy.allowProfiles, OpenClaw treats it as a least-privilege boundary: only allowlisted profiles can be targeted, and persistent profile create/delete routes are blocked on the proxy surface. - Disable if you don’t want it:
- On the node:
nodeHost.browserProxy.enabled=false - On the gateway:
gateway.nodes.browser.mode="off"
- On the node:
Browserless (hosted remote CDP)
Browserless is a hosted Chromium service that exposes CDP connection URLs over HTTPS and WebSocket. OpenClaw can use either form, but for a remote browser profile the simplest option is the direct WebSocket URL from Browserless’ connection docs. Example:- Replace
<BROWSERLESS_API_KEY>with your real Browserless token. - Choose the region endpoint that matches your Browserless account (see their docs).
- If Browserless gives you an HTTPS base URL, you can either convert it to
wss://for a direct CDP connection or keep the HTTPS URL and let OpenClaw discover/json/version.
Direct WebSocket CDP providers
Some hosted browser services expose a direct WebSocket endpoint rather than the standard HTTP-based CDP discovery (/json/version). OpenClaw supports both:
- HTTP(S) endpoints — OpenClaw calls
/json/versionto discover the WebSocket debugger URL, then connects. - WebSocket endpoints (
ws:///wss://) — OpenClaw connects directly, skipping/json/version. Use this for services like Browserless, Browserbase, or any provider that hands you a WebSocket URL.
Browserbase
Browserbase is a cloud platform for running headless browsers with built-in CAPTCHA solving, stealth mode, and residential proxies.- Sign up and copy your API Key from the Overview dashboard.
- Replace
<BROWSERBASE_API_KEY>with your real Browserbase API key. - Browserbase auto-creates a browser session on WebSocket connect, so no manual session creation step is needed.
- The free tier allows one concurrent session and one browser hour per month. See pricing for paid plan limits.
- See the Browserbase docs for full API reference, SDK guides, and integration examples.
Security
Key ideas:- Browser control is loopback-only; access flows through the Gateway’s auth or node pairing.
- If browser control is enabled and no auth is configured, OpenClaw auto-generates
gateway.auth.tokenon startup and persists it to config. - Keep the Gateway and any node hosts on a private network (Tailscale); avoid public exposure.
- Treat remote CDP URLs/tokens as secrets; prefer env vars or a secrets manager.
- Prefer encrypted endpoints (HTTPS or WSS) and short-lived tokens where possible.
- Avoid embedding long-lived tokens directly in config files.
Profiles (multi-browser)
OpenClaw supports multiple named profiles (routing configs). Profiles can be:- openclaw-managed: a dedicated Chromium-based browser instance with its own user data directory + CDP port
- remote: an explicit CDP URL (Chromium-based browser running elsewhere)
- existing session: your existing Chrome profile via Chrome DevTools MCP auto-connect
- The
openclawprofile is auto-created if missing. - The
userprofile is built-in for Chrome MCP existing-session attach. - Existing-session profiles are opt-in beyond
user; create them with--driver existing-session. - Local CDP ports allocate from 18800–18899 by default.
- Deleting a profile moves its local data directory to Trash.
?profile=<name>; the CLI uses --browser-profile.
Existing-session via Chrome DevTools MCP
OpenClaw can also attach to a running Chromium-based browser profile through the official Chrome DevTools MCP server. This reuses the tabs and login state already open in that browser profile. Official background and setup references: Built-in profile:user
- The built-in
userprofile uses Chrome MCP auto-connect, which targets the default local Google Chrome profile.
userDataDir for Brave, Edge, Chromium, or a non-default Chrome profile:
- Open that browser’s inspect page for remote debugging.
- Enable remote debugging.
- Keep the browser running and approve the connection prompt when OpenClaw attaches.
- Chrome:
chrome://inspect/#remote-debugging - Brave:
brave://inspect/#remote-debugging - Edge:
edge://inspect/#remote-debugging
statusshowsdriver: existing-sessionstatusshowstransport: chrome-mcpstatusshowsrunning: truetabslists your already-open browser tabssnapshotreturns refs from the selected live tab
- the target Chromium-based browser is version
144+ - remote debugging is enabled in that browser’s inspect page
- the browser showed and you accepted the attach consent prompt
openclaw doctormigrates old extension-based browser config and checks that Chrome is installed locally for default auto-connect profiles, but it cannot enable browser-side remote debugging for you
- Use
profile="user"when you need the user’s logged-in browser state. - If you use a custom existing-session profile, pass that explicit profile name.
- Only choose this mode when the user is at the computer to approve the attach prompt.
- the Gateway or node host can spawn
npx chrome-devtools-mcp@latest --autoConnect
- This path is higher-risk than the isolated
openclawprofile because it can act inside your signed-in browser session. - OpenClaw does not launch the browser for this driver; it attaches to an existing session only.
- OpenClaw uses the official Chrome DevTools MCP
--autoConnectflow here. IfuserDataDiris set, OpenClaw passes it through to target that explicit Chromium user data directory. - Existing-session screenshots support page captures and
--refelement captures from snapshots, but not CSS--elementselectors. - Existing-session
wait --urlsupports exact, substring, and glob patterns like other browser drivers.wait --load networkidleis not supported yet. - Some features still require the managed browser path, such as PDF export and download interception.
- Existing-session is host-local. If Chrome lives on a different machine or a different network namespace, use remote CDP or a node host instead.
Isolation guarantees
- Dedicated user data dir: never touches your personal browser profile.
- Dedicated ports: avoids
9222to prevent collisions with dev workflows. - Deterministic tab control: target tabs by
targetId, not “last tab”.
Browser selection
When launching locally, OpenClaw picks the first available:- Chrome
- Brave
- Edge
- Chromium
- Chrome Canary
browser.executablePath.
Platforms:
- macOS: checks
/Applicationsand~/Applications. - Linux: looks for
google-chrome,brave,microsoft-edge,chromium, etc. - Windows: checks common install locations.
Control API (optional)
For local integrations only, the Gateway exposes a small loopback HTTP API:- Status/start/stop:
GET /,POST /start,POST /stop - Tabs:
GET /tabs,POST /tabs/open,POST /tabs/focus,DELETE /tabs/:targetId - Snapshot/screenshot:
GET /snapshot,POST /screenshot - Actions:
POST /navigate,POST /act - Hooks:
POST /hooks/file-chooser,POST /hooks/dialog - Downloads:
POST /download,POST /wait/download - Debugging:
GET /console,POST /pdf - Debugging:
GET /errors,GET /requests,POST /trace/start,POST /trace/stop,POST /highlight - Network:
POST /response/body - State:
GET /cookies,POST /cookies/set,POST /cookies/clear - State:
GET /storage/:kind,POST /storage/:kind/set,POST /storage/:kind/clear - Settings:
POST /set/offline,POST /set/headers,POST /set/credentials,POST /set/geolocation,POST /set/media,POST /set/timezone,POST /set/locale,POST /set/device
?profile=<name>.
If gateway auth is configured, browser HTTP routes require auth too:
Authorization: Bearer <gateway token>x-openclaw-password: <gateway password>or HTTP Basic auth with that password
Playwright requirement
Some features (navigate/act/AI snapshot/role snapshot, element screenshots, PDF) require Playwright. If Playwright isn’t installed, those endpoints return a clear 501 error. ARIA snapshots and basic screenshots still work for openclaw-managed Chrome. If you seePlaywright is not available in this gateway build, install the full
Playwright package (not playwright-core) and restart the gateway, or reinstall
OpenClaw with browser support.
Docker Playwright install
If your Gateway runs in Docker, avoidnpx playwright (npm override conflicts).
Use the bundled CLI instead:
PLAYWRIGHT_BROWSERS_PATH (for example,
/home/node/.cache/ms-playwright) and make sure /home/node is persisted via
OPENCLAW_HOME_VOLUME or a bind mount. See Docker.
How it works (internal)
High-level flow:- A small control server accepts HTTP requests.
- It connects to Chromium-based browsers (Chrome/Brave/Edge/Chromium) via CDP.
- For advanced actions (click/type/snapshot/PDF), it uses Playwright on top of CDP.
- When Playwright is missing, only non-Playwright operations are available.
CLI quick reference
All commands accept--browser-profile <name> to target a specific profile.
All commands also accept --json for machine-readable output (stable payloads).
Basics:
openclaw browser statusopenclaw browser startopenclaw browser stopopenclaw browser tabsopenclaw browser tabopenclaw browser tab newopenclaw browser tab select 2openclaw browser tab close 2openclaw browser open https://example.comopenclaw browser focus abcd1234openclaw browser close abcd1234
openclaw browser screenshotopenclaw browser screenshot --full-pageopenclaw browser screenshot --ref 12openclaw browser screenshot --ref e12openclaw browser snapshotopenclaw browser snapshot --format aria --limit 200openclaw browser snapshot --interactive --compact --depth 6openclaw browser snapshot --efficientopenclaw browser snapshot --labelsopenclaw browser snapshot --selector "#main" --interactiveopenclaw browser snapshot --frame "iframe#main" --interactiveopenclaw browser console --level erroropenclaw browser errors --clearopenclaw browser requests --filter api --clearopenclaw browser pdfopenclaw browser responsebody "**/api" --max-chars 5000
openclaw browser navigate https://example.comopenclaw browser resize 1280 720openclaw browser click 12 --doubleopenclaw browser click e12 --doubleopenclaw browser type 23 "hello" --submitopenclaw browser press Enteropenclaw browser hover 44openclaw browser scrollintoview e12openclaw browser drag 10 11openclaw browser select 9 OptionA OptionBopenclaw browser download e12 report.pdfopenclaw browser waitfordownload report.pdfopenclaw browser upload /tmp/openclaw/uploads/file.pdfopenclaw browser fill --fields '[{"ref":"1","type":"text","value":"Ada"}]'openclaw browser dialog --acceptopenclaw browser wait --text "Done"openclaw browser wait "#main" --url "**/dash" --load networkidle --fn "window.ready===true"openclaw browser evaluate --fn '(el) => el.textContent' --ref 7openclaw browser highlight e12openclaw browser trace startopenclaw browser trace stop
openclaw browser cookiesopenclaw browser cookies set session abc123 --url "https://example.com"openclaw browser cookies clearopenclaw browser storage local getopenclaw browser storage local set theme darkopenclaw browser storage session clearopenclaw browser set offline onopenclaw browser set headers --headers-json '{"X-Debug":"1"}'openclaw browser set credentials user passopenclaw browser set credentials --clearopenclaw browser set geo 37.7749 -122.4194 --origin "https://example.com"openclaw browser set geo --clearopenclaw browser set media darkopenclaw browser set timezone America/New_Yorkopenclaw browser set locale en-USopenclaw browser set device "iPhone 14"
uploadanddialogare arming calls; run them before the click/press that triggers the chooser/dialog.- Download and trace output paths are constrained to OpenClaw temp roots:
- traces:
/tmp/openclaw(fallback:${os.tmpdir()}/openclaw) - downloads:
/tmp/openclaw/downloads(fallback:${os.tmpdir()}/openclaw/downloads)
- traces:
- Upload paths are constrained to an OpenClaw temp uploads root:
- uploads:
/tmp/openclaw/uploads(fallback:${os.tmpdir()}/openclaw/uploads)
- uploads:
uploadcan also set file inputs directly via--input-refor--element.snapshot:--format ai(default when Playwright is installed): returns an AI snapshot with numeric refs (aria-ref="<n>").--format aria: returns the accessibility tree (no refs; inspection only).--efficient(or--mode efficient): compact role snapshot preset (interactive + compact + depth + lower maxChars).- Config default (tool/CLI only): set
browser.snapshotDefaults.mode: "efficient"to use efficient snapshots when the caller does not pass a mode (see Gateway configuration). - Role snapshot options (
--interactive,--compact,--depth,--selector) force a role-based snapshot with refs likeref=e12. --frame "<iframe selector>"scopes role snapshots to an iframe (pairs with role refs likee12).--interactiveoutputs a flat, easy-to-pick list of interactive elements (best for driving actions).--labelsadds a viewport-only screenshot with overlayed ref labels (printsMEDIA:<path>).
click/type/etc require areffromsnapshot(either numeric12or role refe12). CSS selectors are intentionally not supported for actions.
Snapshots and refs
OpenClaw supports two “snapshot” styles:-
AI snapshot (numeric refs):
openclaw browser snapshot(default;--format ai)- Output: a text snapshot that includes numeric refs.
- Actions:
openclaw browser click 12,openclaw browser type 23 "hello". - Internally, the ref is resolved via Playwright’s
aria-ref.
-
Role snapshot (role refs like
e12):openclaw browser snapshot --interactive(or--compact,--depth,--selector,--frame)- Output: a role-based list/tree with
[ref=e12](and optional[nth=1]). - Actions:
openclaw browser click e12,openclaw browser highlight e12. - Internally, the ref is resolved via
getByRole(...)(plusnth()for duplicates). - Add
--labelsto include a viewport screenshot with overlayede12labels.
- Output: a role-based list/tree with
- Refs are not stable across navigations; if something fails, re-run
snapshotand use a fresh ref. - If the role snapshot was taken with
--frame, role refs are scoped to that iframe until the next role snapshot.
Wait power-ups
You can wait on more than just time/text:- Wait for URL (globs supported by Playwright):
openclaw browser wait --url "**/dash"
- Wait for load state:
openclaw browser wait --load networkidle
- Wait for a JS predicate:
openclaw browser wait --fn "window.ready===true"
- Wait for a selector to become visible:
openclaw browser wait "#main"
Debug workflows
When an action fails (e.g. “not visible”, “strict mode violation”, “covered”):openclaw browser snapshot --interactive- Use
click <ref>/type <ref>(prefer role refs in interactive mode) - If it still fails:
openclaw browser highlight <ref>to see what Playwright is targeting - If the page behaves oddly:
openclaw browser errors --clearopenclaw browser requests --filter api --clear
- For deep debugging: record a trace:
openclaw browser trace start- reproduce the issue
openclaw browser trace stop(printsTRACE:<path>)
JSON output
--json is for scripting and structured tooling.
Examples:
refs plus a small stats block (lines/chars/refs/interactive) so tools can reason about payload size and density.
State and environment knobs
These are useful for “make the site behave like X” workflows:- Cookies:
cookies,cookies set,cookies clear - Storage:
storage local|session get|set|clear - Offline:
set offline on|off - Headers:
set headers --headers-json '{"X-Debug":"1"}'(legacyset headers --json '{"X-Debug":"1"}'remains supported) - HTTP basic auth:
set credentials user pass(or--clear) - Geolocation:
set geo <lat> <lon> --origin "https://example.com"(or--clear) - Media:
set media dark|light|no-preference|none - Timezone / locale:
set timezone ...,set locale ... - Device / viewport:
set device "iPhone 14"(Playwright device presets)set viewport 1280 720
Security & privacy
- The openclaw browser profile may contain logged-in sessions; treat it as sensitive.
browser act kind=evaluate/openclaw browser evaluateandwait --fnexecute arbitrary JavaScript in the page context. Prompt injection can steer this. Disable it withbrowser.evaluateEnabled=falseif you do not need it.- For logins and anti-bot notes (X/Twitter, etc.), see Browser login + X/Twitter posting.
- Keep the Gateway/node host private (loopback or tailnet-only).
- Remote CDP endpoints are powerful; tunnel and protect them.
Troubleshooting
For Linux-specific issues (especially snap Chromium), see Browser troubleshooting. For WSL2 Gateway + Windows Chrome split-host setups, see WSL2 + Windows + remote Chrome CDP troubleshooting.Agent tools + how control works
The agent gets one tool for browser automation:browser— status/start/stop/tabs/open/focus/close/snapshot/screenshot/navigate/act
browser snapshotreturns a stable UI tree (AI or ARIA).browser actuses the snapshotrefIDs to click/type/drag/select.browser screenshotcaptures pixels (full page or element).browseraccepts:profileto choose a named browser profile (openclaw, chrome, or remote CDP).target(sandbox|host|node) to select where the browser lives.- In sandboxed sessions,
target: "host"requiresagents.defaults.sandbox.browser.allowHostControl=true. - If
targetis omitted: sandboxed sessions default tosandbox, non-sandbox sessions default tohost. - If a browser-capable node is connected, the tool may auto-route to it unless you pin
target="host"ortarget="node".
Related
- Tools Overview — all available agent tools
- Sandboxing — browser control in sandboxed environments
- Security — browser control risks and hardening
