Bb Browser 0.6.0

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented browser-to-CLI helper; it can access logged-in website data, but that behavior is disclosed and matches its stated purpose.

Install only if you are comfortable with bb-browser commands reading pages available in your current OpenClaw browser session. Use care on sensitive logged-in services, review command output before sharing it, and consider a separate browser profile or account for private sites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly advertises use of the user's existing browser login state to extract structured data from websites, but the description does not clearly warn that commands may access authenticated content and session-scoped data. This can lead users to run commands against logged-in sites without understanding that private account data, personalized feeds, or subscription-only content may be queried and emitted to the CLI.

VirusTotal

64/64 vendors flagged this skill as clean.
