Bb Browser Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a real logged-in browser, but its access is broad enough that users should review it carefully before installing.

Install only if you trust the separate bb-browser daemon, binary, and browser extension. Use a dedicated low-privilege browser profile, avoid sensitive accounts and tabs in that profile, and require explicit confirmation before JavaScript execution, network capture, screenshots, or actions on logged-in sites.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly states it can operate against a real Chromium session with real cookies and authenticated sessions, which creates direct access to sensitive user data and account context. In an agent-skill setting, that is dangerous because downstream commands can read logged-in content and potentially expose private information without prominent consent boundaries, data-handling warnings, or scope restrictions.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The raw browser control section exposes powerful primitives such as arbitrary JavaScript execution in the active tab and network request capture. Those capabilities can access page state, tokens, DOM content, and traffic from authenticated sessions, making the skill materially more dangerous when used inside an agent framework without strong safety guidance or access controls.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal