stealthy-auto-browse
Setup Required
This skill requires a running stealthy-auto-browse container. Set the STEALTHY_AUTO_BROWSE_URL environment variable to connect.
1. Run the container:
docker run -d -p 8080:8080 -p 5900:5900 psyb0t/stealthy-auto-browse
2. Configure OpenClaw (~/.openclaw/openclaw.json):
{
"skills": {
"entries": {
"stealthy-auto-browse": {
"env": {
"STEALTHY_AUTO_BROWSE_URL": "http://localhost:8080"
}
}
}
}
}
Or set the environment variable directly:
export STEALTHY_AUTO_BROWSE_URL=http://localhost:8080
3. Verify: Visit http://localhost:5900 to see the browser via VNC.
Control a headless browser that evades bot detection. Uses Camoufox (custom Firefox) with OS-level mouse/keyboard input via PyAutoGUI - completely undetectable by behavioral analysis.
Key Concepts
Why this exists: Standard browser automation (Selenium, Playwright, Puppeteer) is detectable via CDP (Chrome DevTools Protocol) fingerprinting and synthetic event detection. This browser:
- •Uses Firefox (no CDP exposure)
- •Generates consistent fingerprints via browserforge
- •Executes mouse/keyboard at OS level, not via JavaScript injection
Two input modes:
- •Playwright methods (
click,fill,type) - Uses CSS selectors, faster but detectable - •System methods (
system_click,system_type,mouse_move) - OS-level input, undetectable but needs coordinates
Workflow for undetectable interaction:
- •Navigate to page with
goto - •Get elements with
get_interactive_elements - •Find target element's
x,ycoordinates - •Click using
system_clickwith those coordinates - •Type using
system_type
Environment
Set STEALTHY_AUTO_BROWSE_URL to the browser API endpoint (e.g., http://localhost:8080).
API Reference
All commands are POST requests to $STEALTHY_AUTO_BROWSE_URL/ with JSON body {"action": "<name>", ...params}.
Navigation
goto - Navigate to URL
{
"action": "goto",
"url": "https://example.com",
"wait_until": "domcontentloaded"
}
wait_until: domcontentloaded (default), load, networkidle
Undetectable Input (Use These!)
system_click - Move mouse and click at coordinates (UNDETECTABLE)
{ "action": "system_click", "x": 500, "y": 300, "duration": 0.3 }
duration: Optional mouse movement duration in seconds
mouse_move - Move mouse to coordinates without clicking
{ "action": "mouse_move", "x": 500, "y": 300, "duration": 0.5 }
mouse_click - Click at current position or specific coordinates
{"action": "mouse_click"}
{"action": "mouse_click", "x": 500, "y": 300}
system_type - Type text using OS keyboard (UNDETECTABLE)
{ "action": "system_type", "text": "hello world", "interval": 0.08 }
interval: Delay between keystrokes in seconds (default: 0.08)
send_key - Send special key (enter, tab, escape, etc.)
{"action": "send_key", "key": "enter"}
{"action": "send_key", "key": "tab"}
{"action": "send_key", "key": "escape"}
scroll - Scroll page
{"action": "scroll", "amount": -3}
{"action": "scroll", "amount": 5, "x": 500, "y": 300}
amount: Negative = scroll down, positive = scroll up
Playwright Input (Detectable - Use Only When Necessary)
click - Click element by CSS selector (detectable)
{"action": "click", "selector": "#submit-btn"}
{"action": "click", "selector": "button.login"}
fill - Fill input field (clears first)
{
"action": "fill",
"selector": "input[name='email']",
"value": "user@example.com"
}
type - Type into element character by character
{ "action": "type", "selector": "#search", "text": "query", "delay": 0.05 }
Page Inspection
get_interactive_elements - Get all clickable elements with coordinates (ESSENTIAL!)
{ "action": "get_interactive_elements", "visible_only": true }
Returns array of elements:
{
"elements": [
{
"i": 0,
"tag": "button",
"text": "Sign In",
"selector": "#login-btn",
"x": 500,
"y": 300,
"w": 100,
"h": 40,
"visible": true
}
]
}
Use x and y coordinates with system_click for undetectable clicks!
get_text - Get page text content
{ "action": "get_text" }
get_html - Get full page HTML
{ "action": "get_html" }
eval - Execute JavaScript in page context
{"action": "eval", "expression": "document.title"}
{"action": "eval", "expression": "window.scrollY"}
Screenshots
GET /screenshot/browser - Browser viewport PNG GET /screenshot/desktop - Full desktop PNG
Use curl or fetch:
curl $STEALTHY_AUTO_BROWSE_URL/screenshot/browser -o screenshot.png
State & Utility
GET /state - Current browser state (url, title, window_offset)
GET /health - Health check (returns "ok")
ping - Check connection, returns current URL
{ "action": "ping" }
close - Shut down the browser and server
{ "action": "close" }
calibrate - Recalculate window offset for coordinate translation
{ "action": "calibrate" }
Resolution
get_resolution - Get current resolution
{ "action": "get_resolution" }
Fullscreen
enter_fullscreen / exit_fullscreen
{"action": "enter_fullscreen"}
{"action": "exit_fullscreen"}
Complete Workflow Example
Here's how to login to a site undetectably:
# 1. Navigate to login page
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "goto", "url": "https://example.com/login"}'
# 2. Get all interactive elements
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "get_interactive_elements"}'
# Response shows email input at x:400, y:200 and password at x:400, y:260
# 3. Click email field (undetectable)
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "system_click", "x": 400, "y": 200}'
# 4. Type email (undetectable)
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "system_type", "text": "user@example.com"}'
# 5. Click password field
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "system_click", "x": 400, "y": 260}'
# 6. Type password
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "system_type", "text": "secretpassword"}'
# 7. Find and click submit button (from get_interactive_elements, e.g., x:400, y:320)
curl -X POST $STEALTHY_AUTO_BROWSE_URL -H "Content-Type: application/json" \
-d '{"action": "system_click", "x": 400, "y": 320}'
Response Format
All POST responses follow this format:
{
"success": true,
"timestamp": 1234567890.123,
"data": { ... },
"error": "message if failed"
}
Tips
- •Always use
get_interactive_elementsfirst to find coordinates for clicking - •Prefer
system_clickandsystem_typeover Playwright methods for stealth - •Add small delays between actions to appear more human-like
- •Use
calibrateif clicks seem offset after page changes - •Check screenshots to debug what the browser sees
- •Match timezone - The container's TZ must match the IP's location for fingerprint consistency
VNC Access
Connect to port 5900 via noVNC web viewer to see the browser in action.