Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bb Browser Skill
v1.0.0
Automate Chromium browser via Chrome DevTools Protocol on host to run 103 commands across 36 platforms with real sessions and cookies through bb-browser daemon.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Chrome CDP automation using a host bb-browser daemon to use real sessions/cookies) matches the instructions: SKILL.md shows commands that call the bb-browser binary and CDP operations. The required host-side daemon and browser sessions are explicitly documented and are necessary for the stated functionality.
Instruction Scope
Instructions remain inside the stated purpose (running adapters and raw CDP commands). However, the documented capabilities include capturing network traffic, evaluating arbitrary JS, taking snapshots, and accessing adapters that require logged-in sessions — all of which can read sensitive browsing data (cookies, session content). This is expected for a tool that controls a real browser, but it materially increases the sensitivity of granting the skill access.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes on-disk installation risk. The skill relies on a host-provided binary (bind-mounted into the container), which is documented in SKILL.md.
Credentials
The skill declares no environment variables or credentials, which is appropriate. That said, because it expects a host daemon and a bind-mounted binary, granting the container access to that binary/daemon implicitly grants the agent access to the host browser's sessions and cookies (sensitive data). Lack of declared secrets does not eliminate the ability to observe or exfiltrate browser data via the daemon.
Persistence & Privilege
always is false and the skill is user-invocable. Normal autonomous invocation is allowed by default; combined with access to the host bb-browser daemon the agent could be used to perform actions against the user's browser during autonomous runs, so consider invocation policy. The skill does not request persistent modifications to agent configuration.
Assessment
This skill appears to do what it says: it will control a real Chromium instance on your host and can see cookies/sessions. Before enabling it, ensure you: (1) trust the host bb-browser binary/daemon (audit its source and integrity); (2) avoid bind-mounting your real browser profile into untrusted containers or limit which containers can access the daemon; (3) restrict or review autonomous invocation if you don't want the agent to access your browser without manual approval; and (4) consider network/egress controls because outputs could be exfiltrated. If you are uncomfortable with any of those, either do not grant the container access to the host bb-browser daemon, or restrict the skill's permission to run.
Like a lobster shell, security has layers — review code before you run it.
