#browser profiles - openclaw vs user

I really still don't get what the difference is... so if i use the openclaw profile, will i NOT need any browser as openclaw will supply its own? is that that deal here?

Yep, basically.

• openclaw profile = OpenClaw uses a managed, isolated browser/profile for you.
  You do not need to use your normal browser profile or have your own tabs/session attached.

• user profile = OpenClaw attaches to your already-running real browser session, with your existing logins/cookies.

The one nuance: the openclaw profile is managed, but it still uses a local Chromium-based browser install on the machine. So OpenClaw supplies the separate profile/session, not a magical totally self-contained browser universe 😄

Rule of thumb:

• use openclaw for safest/default browser automation
• use user only when you specifically need your existing logged-in browser state

Docs:

• https://docs.openclaw.ai/tools/browser
• https://docs.openclaw.ai/tools/browser-login

If you want, I can sketch the difference as a tiny “openclaw vs user” table too.

what does it mean by an "isolated browser"? one that I won't be able to see at all as a user?

Not hidden, just separate.

“Isolated browser” means:

• it uses a different browser profile / user data dir
• separate cookies, logins, tabs, history, extensions
• it does not touch your normal Chrome/Brave profile

So if you use the openclaw profile on your own machine, you’ll usually get a real browser window you can see and interact with. It’s just a dedicated OpenClaw one, not your everyday browser session.

So:

• visible? usually yes
• same as your normal browser? no
• shares your existing logins? no

That’s why docs call it safer. It’s isolated from your personal browsing state.

If you want, I can give you the super short version of:

• openclaw = separate visible browser
• user = your actual browser session

Docs: https://docs.openclaw.ai/tools/browser and https://docs.openclaw.ai/tools/browser-login

ok I have just set up chromium on the machine, and enabled "remote debugging". The chromium screen now says "Server running at: 127.0.0.1:9222". Now how should i go about setting up openclaw to use the "openclaw" profile to access this chromium?

Small correction, if you want OpenClaw to use the Chromium you already started on 127.0.0.1:9222, that is not really the managed openclaw profile path.

You have 2 different setups:

Option A, true openclaw profile

Let OpenClaw launch and manage its own separate browser/profile.

You would usually just set:

{
  browser: {
    enabled: true,
    defaultProfile: "openclaw",
  },
}

Then use:

openclaw browser start --browser-profile openclaw

In this mode, your manual :9222 Chromium is irrelevant.

Option B, use the Chromium you already launched on 127.0.0.1:9222

Create a remote CDP / attach-only profile instead, for example chromium:

{
  browser: {
    enabled: true,
    defaultProfile: "chromium",

    profiles: {
      chromium: {
        cdpUrl: "http://127.0.0.1:9222",
        attachOnly: true,
        color: "#00AA00",
      },
    },
  },
}

Then test it:

curl http://127.0.0.1:9222/json/version

openclaw browser open https://example.com --browser-profile chromium
openclaw browser tabs --browser-profile chromium

Important nuance

If OpenClaw and Chromium are not on the same host, 127.0.0.1 is wrong.
Use the address that is reachable from the machine running the gateway.

So my recommendation is:

• if you want OpenClaw-managed browser, use openclaw
• if you want to attach to the browser you already launched on :9222, make a custom remote profile, not openclaw

Also, quick sanity check, what does openclaw --version show?

Docs:

• https://docs.openclaw.ai/tools/browser
• https://docs.openclaw.ai/tools/browser-login

what do you mean my :9222 is irralavent? which browser would it use then? it would have no browser to use. how can it launch its own browser if there isn't one?

Yeah, the missing piece is this:

“browser” and “browser profile” are different things.

• browser = the actual app binary, like Chromium / Chrome / Brave
• profile = the data folder/session, like cookies, tabs, logins, history

So when OpenClaw uses the openclaw profile, it does not mean “OpenClaw ships its own browser binary out of thin air”.

It means:

• OpenClaw uses a locally installed Chromium-based browser
• but launches it with a separate OpenClaw-managed profile
• so it’s a separate session from your normal browser

So your :9222 is irrelevant only to managed mode, because :9222 is for the browser process you manually started.

Managed openclaw mode does not attach to that existing process.
Instead, OpenClaw starts another browser process itself, using the installed browser executable, and gives it its own profile/data dir.

So in practice:

• if Chromium is installed locally, OpenClaw can launch that Chromium binary
• but as its own separate OpenClaw session
• usually on its own CDP port, not your manual 9222

If there is no Chromium-based browser installed at all, then yes, managed mode cannot launch anything.

So your choices are:

1. Managed openclaw profile
   OpenClaw launches Chromium itself, with a separate profile

2. Custom remote/attach profile using http://127.0.0.1:9222

OpenClaw attaches to the Chromium process you already launched

That’s the distinction.

If you want, I can give you the exact config for either setup:

• “launch its own Chromium with openclaw”
• or “attach to my existing :9222 Chromium”

Also, if setup starts failing, paste openclaw --version.

Docs: https://docs.openclaw.ai/tools/browser and https://docs.openclaw.ai/tools/browser-login

so there is no "openclaw browser start --browser-profile chromium" required?

Right, not required for that setup.

If your chromium profile is configured like this:

profiles: {
  chromium: {
    cdpUrl: "http://127.0.0.1:9222",
    attachOnly: true,
  },
}

then you start Chromium yourself, and OpenClaw just attaches to it.

So the usual flow is:

curl http://127.0.0.1:9222/json/version
openclaw browser open https://example.com --browser-profile chromium
openclaw browser tabs --browser-profile chromium

Short version

• openclaw browser start --browser-profile openclaw = for the managed browser
• custom chromium + cdpUrl + attachOnly: true = you already started it, so OpenClaw should just connect to it

So browser start --browser-profile chromium is generally not the command you need there.

If you want, I can write the exact browser.profiles.chromium block you should paste into your config.

node@7a440ac70693:/app$ curl http://127.0.0.1:9222/json/version
node@7a440ac70693:/app$ curl http://127.0.0.1:9222
node@7a440ac70693:/app$ 

That output means the CDP endpoint is not reachable yet, so OpenClaw will not be able to attach.

The big clue is your prompt:

node@7a440ac70693:/app$

That looks like you're inside a container. In that case, 127.0.0.1:9222 means the container itself, not your host machine.

So:

• if Chromium is running on the host
• and OpenClaw/gateway is running in Docker
• then http://127.0.0.1:9222 is the wrong address for OpenClaw

You need a profile like this, using an address the gateway container can actually reach:

{
  browser: {
    profiles: {
      chromium: {
        cdpUrl: "http://HOST_IP_OR_NAME:9222",
        attachOnly: true,
      },
    },
  },
}

A few important bits:

• do not use openclaw browser start --browser-profile chromium for this setup
• first make sure this works from the same place the gateway runs:

curl -v http://HOST_IP_OR_NAME:9222/json/version

• only after that should OpenClaw try:

openclaw browser open https://example.com --browser-profile chromium

If you're on Docker Desktop, host.docker.internal is often the right hostname. On plain Linux Docker, it's usually the host/bridge IP instead.

Also, paste openclaw --version too, since version mismatches cause weird browser issues a lot.

Docs:

• https://docs.openclaw.ai/tools/browser
• https://docs.openclaw.ai/gateway/troubleshooting

my openclaw container and chromium container share the same network stack

If they truly share the same network namespace/stack, then yes, 127.0.0.1:9222 should be valid from the OpenClaw container.

But if they only share the same Docker network, that is different, and you should use the Chromium container name/IP instead.

Given this:

curl http://127.0.0.1:9222/json/version

returned nothing, the problem still looks like CDP itself is not responding yet, not OpenClaw.

From the OpenClaw container, try:

curl -v http://127.0.0.1:9222/json/version

curl -v http://127.0.0.1:9222/json/list

You should get JSON back. If not, check how Chromium was started:

• it needs --remote-debugging-port=9222
• if the containers do not actually share one namespace, also use --remote-debugging-address=0.0.0.0

If curl starts returning JSON, then this config is the right shape:

{
  browser: {
    profiles: {
      chromium: {
        cdpUrl: "http://127.0.0.1:9222",

        attachOnly: true,
      },
    },
  },
}

Then test with:

openclaw browser open https://example.com --browser-profile chromium

So, short answer: yes, localhost can be right here, but your empty curl says the endpoint still isn’t healthy yet.

Also paste openclaw --version when you can.

Docs: https://docs.openclaw.ai/tools/browser and https://docs.openclaw.ai/gateway/troubleshooting

node@7a440ac70693:/app$ curl -v http://127.0.0.1:9222/json
*   Trying 127.0.0.1:9222...
* Connected to 127.0.0.1 (127.0.0.1) port 9222 (#0)
> GET /json HTTP/1.1
> Host: 127.0.0.1:9222
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Length:0
< Content-Type:text/html
<
* Connection #0 to host 127.0.0.1 left intact
node@7a440ac70693:/app$

That’s actually useful, 404 on /json alone is not the key signal.

For OpenClaw, the important checks are these exact endpoints:

curl -v http://127.0.0.1:9222/json/version
curl -v http://127.0.0.1:9222/json/list

What we want:

• /json/version → JSON, ideally including webSocketDebuggerUrl
• /json/list → JSON, even [] is fine

So:

• 404 on /json = not necessarily a problem

• working /json/version = good, OpenClaw can usually use cdpUrl: "http://127.0.0.1:9222"

If /json/version works, then your profile should be:

{
  browser: {
    profiles: {
      chromium: {
        cdpUrl: "http://127.0.0.1:9222",
        attachOnly: true,
      },
    },
  },
}

and then:

openclaw browser open https://example.com --browser-profile chromium

No openclaw browser start --browser-profile chromium needed in that attach-only setup.

If /json/version is still empty or 404, then the Chromium container is not exposing standard CDP discovery the way OpenClaw expects. In that case, paste:

1. the output of those two curls
2. openclaw --version
3. how you launched the Chromium container

Docs: https://docs.openclaw.ai/tools/browser and https://docs.openclaw.ai/gateway/troubleshooting

yeah changed some settings in my chromium docker (namely added --remote-debugging-port=9222 --remote-allow-origins=* to the CHROME_CLI env variable. It all works now. Thanks @spare summit !!!!!!!!!

Nice, glad you got it working 🎉

Yep, that means the CDP endpoint is healthy now, so OpenClaw can attach to that Chromium container just fine.

If this fixed it, please right-click the solution message → Apps → ✅ Mark Solution.
That helps Answer Overflow index it for the next person.

And if you want later, I can help you clean this up into the final browser.profiles.chromium config block.