overthinkos/openclaw-sway-browser
openclaw/skills/openclaw-sway-browser/SKILL.md
Maximal OpenClaw deployment with Sway desktop, Chrome, VNC, and all tool layers. Includes all feasible OpenClaw skill dependencies. Use when working with MUST be invoked before building, deploying, configuring, or troubleshooting the openclaw-sway-browser image.
tools
Updated May 13, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins openclaw-sway-browserInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 13, 2026, 6:11 AM240.9s1 file scanned
SKILL.md
- name:
- openclaw-sway-browser
- description:
- |
openclaw-sway-browser
Maximal OpenClaw gateway with full Wayland desktop, Chrome browser, VNC access, and all tool layers for maximum skill coverage.
Image Properties
| Property | Value | |----------|-------| | Base | fedora | | Layers | agent-forwarding, openclaw-full (metalayer: 28 layers), sway-desktop | | Platforms | linux/amd64 | | Ports | 18789, 5900, 9222, 9224 | | Tunnel | tailscale (all ports) | | Registry | ghcr.io/overthinkos |
Ports
| Port | Service | Protocol | |------|---------|----------| | 18789 | OpenClaw gateway + Control UI | HTTP | | 5900 | VNC (wayvnc) | TCP | | 9222 | Chrome DevTools | HTTP | | 9224 | Chrome DevTools MCP (Streamable HTTP) | HTTP |
Included Tools
npm: codex, gemini, clawhub, mcporter, oracle, xurl, summarize, playwright, claude-code Go: blogwatcher, gifgrep, wacli, goplaces, songsee, sag, camsnap, gogcli, ordercli Cargo: himalaya Python: uv, nano-pdf RPM: gh, git, tmux, ffmpeg, ripgrep, sqlite
Quick Start
ov image build openclaw-sway-browser
ov config openclaw-sway-browser
ov start openclaw-sway-browser
# Gateway at http://localhost:18789
# VNC desktop at localhost:5900
Key Layers
/ov-openclaw:openclaw-full— metalayer composing openclaw + chrome + 26 tool layers/ov-selkies:sway-desktop— full desktop (pipewire, wayvnc, chrome-sway, terminal, file manager, waybar)
Related Images
/ov-openclaw:openclaw— headless gateway only (minimal)/ov-openclaw:openclaw-ollama-sway-browser— adds CUDA, Ollama, Whisper, sherpa-onnx for ML
Verification
After ov start:
ov status openclaw-sway-browser— container runningov service status openclaw-sway-browser— all services RUNNINGcurl -s http://localhost:18789— OpenClaw gateway responds- VNC client connects to
localhost:5900— desktop accessible curl -s http://localhost:9222/json/version— Chrome DevTools responds
Port Relay Architecture
OpenClaw (18789) and Chrome DevTools (9222) both use port relay (socat) — services bind to loopback, socat forwards from the container interface. This avoids origin/security checks that block non-loopback connections.
Gateway First-Run Configuration
After the first container start, the gateway needs one-time setup before it will accept requests:
IMG=openclaw-sway-browser
# Required: gateway mode (without this, gateway refuses to start)
ov shell $IMG -c "openclaw config set gateway.mode local"
# Required: Chrome CDP integration
ov shell $IMG -c "openclaw config set browser.cdpUrl 'http://127.0.0.1:9222'"
# Apply changes
ov shell $IMG -c "supervisorctl restart openclaw"
dangerouslyAllowHostHeaderOriginFallback is NOT needed -- the gateway binds to loopback only, and port_relay (socat) handles external access.
OpenAI Codex OAuth
Prerequisites: Chrome must be signed into Google with sync enabled. See /ov-openclaw:openclaw-ollama-sway-browser for the full Chrome sign-in and Codex OAuth procedure — the process is identical for this image (substitute IMG=openclaw-sway-browser).
Key points:
- Use
ov tmux runfor the OAuth TUI (not--ttypiped throughtee) — see/ov-automation:tmux - Click "Continue with Google" then "Continue" on consent using
ov eval cdp click --vnc - Callback at
localhost:1455is container-internal (no port mapping needed) - Model:
openai-codex/gpt-5.4 - Tokens persist in the
datavolume (~/.openclaw)
See /ov-automation:openclaw-deploy for full gateway configuration reference.
Data Persistence
| Volume | Container Path | Contents |
|--------|----------------|----------|
| ov-...-data | ~/.openclaw | Config, auth tokens, sessions |
| ov-...-chrome-data | ~/.chrome-debug | Chrome profile, sign-in, sync |
Volumes survive ov stop/ov start and image rebuilds. Only destroyed by ov remove --purge.
When to Use This Skill
MUST be invoked when the task involves the openclaw-sway-browser image, OpenClaw with browser automation, or desktop gateway deployments. Invoke this skill BEFORE reading source code or launching Explore agents.
Related
/ov-image:image— image family umbrella (image:entries inoverthink.yml, build/validate/inspect/list)/ov-build:build—build.ymlvocabulary (distros, builders, init-systems)
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026