Bb Browser Openclaw
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is clearly for browser-based data extraction, but it can use your logged-in browser sessions broadly and pulls community adapters from an unspecified source.
Install only if you trust the bb-browser binary and adapter source. Use a limited browser profile or log out of sensitive accounts before running adapters, and avoid broad requests like 'any website' when logged in.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Commands could retrieve account-specific or private information from sites where the user is logged in.
The skill explicitly uses authenticated browser state and applies it broadly to 'any website' without clear limits on which accounts, pages, or private data may be accessed.
One-liner structured data from any website using your login state.
Use only with explicit, site-specific requests; consider a separate browser profile with limited logins; review outputs before sharing them.
Unreviewed or changed adapters could run through the browser context and access data available to logged-in sessions.
The skill directs users to fetch community adapters, but the supplied artifacts do not identify the adapter source, pin versions, or provide code for review.
# First time: pull community adapters bb-browser site update
Verify the bb-browser binary and adapter source, pin trusted adapter versions where possible, and review adapter code before using it with logged-in accounts.
The agent may run bb-browser subcommands such as listing, updating, or executing adapters within the allowed command pattern.
The skill grants broad access to the bb-browser CLI. This is aligned with its purpose, but it means the agent can invoke more than the specific examples shown.
allowed-tools: Bash(bb-browser:*)
Ask for confirmation before updates or authenticated site access, and keep use limited to the specific platform and query you intend.