You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cookie import — camofox_import_cookies tool + POST /sessions/:userId/cookies endpoint. Parse Netscape cookie files to authenticate against sites like LinkedIn without interactive login. Gated behind CAMOFOX_API_KEY.
Proxy + GeoIP — route all browser traffic through a residential proxy. Set PROXY_HOST, PROXY_PORT, PROXY_USERNAME, PROXY_PASSWORD and Camoufox automatically matches locale, timezone, and geolocation to the proxy's exit IP. No manual fingerprint configuration needed.
Structured JSON logging — every request/response logged as JSON with request IDs for production observability. Health checks excluded to reduce noise.
Reddit JSON macros — @reddit_search and @reddit_subreddit return JSON directly (no HTML parsing needed)
Security
Block file://, javascript:, data: URL schemes on all navigation
Whitelist env vars passed to child processes (no more process.env spread)
Remove dotenv — no arbitrary .env file loading
Gate POST /stop behind admin key with timing-safe comparison
Cookie field allowlisting, path traversal prevention, 500-cookie cap
Session/tab caps (50/10), 100KB body limit, production error sanitization
Require userId on all endpoints, unique fallback per plugin instance
Fixes (1.1.1–1.1.2)
Fix plugin config not loading from api.pluginConfig (#7)
Eliminate OpenClaw scanner false positives — restructured code so no single file triggers scanner rule pairs. process.env reads centralized in lib/config.js, subprocess spawning isolated in lib/launcher.js, cookie file I/O moved to lib/cookies.js. Zero warnings on openclaw plugins install. (#7)
Tests
75 unit tests: security (19), cookies (14), Netscape parser (16), macros (24), screenshots (2)
