romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge ad7cd8f44d into 4583f88626

Browse Source
This commit is contained in:
nirzadokox 2026-01-29 19:00:16 +00:00 committed by GitHub
commit 9168c31934
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/gateway/configuration.md
View File

@ -2769,7 +2769,7 @@ scheme/host for profiles that only set `cdpPort`.
Defaults:
- enabled: `true`
- evaluateEnabled: `true` (set `false` to disable `act:evaluate` and `wait --fn`)
- evaluateEnabled: `false` (set `true` to enable `act:evaluate` and `wait --fn`; disabled by default for security)
- control service: loopback only (port derived from `gateway.port`, default `18791`)
- CDP URL: `http://127.0.0.1:18792` (control service + 1, legacy single-profile)
- profile color: `#FF4500` (lobster-orange)
@ -2780,7 +2780,7 @@ Defaults:
{
browser: {
enabled: true,
evaluateEnabled: true,
evaluateEnabled: false,
// cdpUrl: "http://127.0.0.1:18792", // legacy single-profile override
defaultProfile: "chrome",
profiles: {

2
docs/tools/browser.md
View File

@ -507,7 +507,7 @@ These are useful for “make the site behave like X” workflows:
- The clawd browser profile may contain logged-in sessions; treat it as sensitive.
- `browser act kind=evaluate` / `moltbot browser evaluate` and `wait --fn`
execute arbitrary JavaScript in the page context. Prompt injection can steer
this. Disable it with `browser.evaluateEnabled=false` if you do not need it.
this. **Disabled by default for security.** Enable with `browser.evaluateEnabled: true` if needed.
- For logins and anti-bot notes (X/Twitter, etc.), see [Browser login + X/Twitter posting](/tools/browser-login).
- Keep the Gateway/node host private (loopback or tailnet-only).
- Remote CDP endpoints are powerful; tunnel and protect them.

2
src/agents/skills/config.ts
View File

@ -6,7 +6,7 @@ import type { SkillEligibilityContext, SkillEntry } from "./types.js";
const DEFAULT_CONFIG_VALUES: Record<string, boolean> = {
"browser.enabled": true,
"browser.evaluateEnabled": true,
"browser.evaluateEnabled": false,
};
function isTruthy(value: unknown): boolean {

2
src/browser/constants.ts
View File

@ -1,5 +1,5 @@
export const DEFAULT_CLAWD_BROWSER_ENABLED = true;
export const DEFAULT_BROWSER_EVALUATE_ENABLED = true;
export const DEFAULT_BROWSER_EVALUATE_ENABLED = false;
export const DEFAULT_CLAWD_BROWSER_COLOR = "#FF4500";
export const DEFAULT_CLAWD_BROWSER_PROFILE_NAME = "clawd";
export const DEFAULT_BROWSER_DEFAULT_PROFILE_NAME = "chrome";

2
src/config/types.browser.ts
View File

@ -14,7 +14,7 @@ export type BrowserSnapshotDefaults = {
};
export type BrowserConfig = {
enabled?: boolean;
/** If false, disable browser act:evaluate (arbitrary JS). Default: true */
/** If true, enable browser act:evaluate (arbitrary JS). Default: false (disabled for security) */
evaluateEnabled?: boolean;
/** Base URL of the CDP endpoint (for remote browsers). Default: loopback CDP on the derived port. */
cdpUrl?: string;

2
src/hooks/config.ts
View File

@ -6,7 +6,7 @@ import type { HookEligibilityContext, HookEntry } from "./types.js";
const DEFAULT_CONFIG_VALUES: Record<string, boolean> = {
"browser.enabled": true,
"browser.evaluateEnabled": true,
"browser.evaluateEnabled": false,
"workspace.dir": true,
};