BNBot
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
BNBot appears to automate Twitter/X as advertised, but it gives an agent broad power to act through your logged-in browser account with few documented approval or boundary controls.
Install only if you are comfortable letting this npm package and Chrome extension act through your X/Twitter browser session. Verify which binary actually runs, use a separate browser profile or test account where possible, require manual confirmation before any public or destructive action, and run the background daemon only while you need it.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent mistake or unsafe prompt could publicly post, engage with accounts, follow/unfollow users, publish articles, or delete content from the user's account.
These commands can publish, engage, follow/unfollow, and delete using the user's account, but the skill does not require an explicit confirmation step for these high-impact actions.
`bnbot post-tweet --text "..."` ... `bnbot follow-user [--username <handle>]` ... `bnbot delete-tweet [--tweetUrl <url>]` ... `bnbot publish-article [--publish]`
Require explicit user approval before any posting, deletion, follow, retweet, reply, or publish command; prefer draft-only modes where available.
Installing and connecting it can let the agent act with the same privileges as the logged-in X account.
The skill uses the user's logged-in Chrome/X session rather than a clearly scoped API credential; the artifacts do not define per-command permission boundaries for that account access.
BNBot operates through a real browser session via Chrome Extension ... Open https://x.com in Chrome ... turn on **OpenClaw**
Use only with an account/browser profile you are willing to delegate, review the extension permissions, and disconnect or log out when finished.
If the installed package does not provide a binary named `bnbot`, the agent could fail, or could run some other local `bnbot` found on PATH instead of the audited tool.
The declared/verified binary is bnbot-cli, but the instructions run bnbot. That creates command provenance ambiguity for a tool that can control a social account.
requires: bins: [bnbot-cli] ... bins: [bnbot-cli] ... All tools are executed via the `bnbot` CLI
The package should align its declared and executed binary names; users should verify `which bnbot`/`bnbot --version` and trust the npm package and Chrome extension publisher before connecting an account.
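The following is an added example, not code from the BNBot skill or from the ClawScan report. It is a shell wrapper that an operator can put between the agent and the CLI to implement the first and third findings above: high-impact subcommands are only run after a typed approval read from the terminal (so an agent that controls stdin cannot approve its own action), a dry-run mode turns them into no-ops, and the prompt shows the resolved binary path so a stray `bnbot` on PATH is visible. The gated names (post-tweet, follow-user, delete-tweet, publish-article) are the ones quoted in the finding; the wildcard patterns for retweet/reply/unfollow, and the BNBOT_BIN and BNBOT_DRY_RUN settings, are assumptions made by this wrapper and should be checked against SKILL.md.

```shell
# Added example (not part of the BNBot skill or the ClawScan report): a
# confirmation gate in front of the `bnbot` CLI. BNBOT_BIN and BNBOT_DRY_RUN
# are settings defined here, not by BNBot.

# Return 0 when the subcommand can change the account's public state.
needs_confirmation() {
    case "$1" in
        post-tweet|follow-user|delete-tweet|publish-article) return 0 ;;  # quoted in finding
        *retweet*|*reply*|unfollow*|*delete*|*publish*) return 0 ;;       # assumed names
        *) return 1 ;;
    esac
}

# Resolve which binary will actually run (finding 3: declared bin is bnbot-cli,
# instructions run bnbot) and show that path in the approval prompt.
bnbot_guarded() {
    bin="${BNBOT_BIN:-$(command -v bnbot 2>/dev/null)}"
    if [ -z "$bin" ]; then
        echo "bnbot: no such binary on PATH; check 'which bnbot' and the npm package" >&2
        return 127
    fi
    if needs_confirmation "$1"; then
        if [ -n "$BNBOT_DRY_RUN" ]; then
            # Draft-only mode: show what would run, touch nothing.
            echo "DRY RUN: $bin $*"
            return 0
        fi
        printf 'About to run: %s %s\nType yes to continue: ' "$bin" "$*" >&2
        # Read the answer from the terminal, not from stdin, so an agent that
        # controls stdin cannot approve its own action. No terminal => abort.
        { IFS= read -r answer; } </dev/tty 2>/dev/null || answer=""
        [ "$answer" = "yes" ] || { echo "aborted: not approved" >&2; return 1; }
    fi
    "$bin" "$@"
}
```

Source this file and point the agent at `bnbot_guarded` instead of `bnbot`; read-only commands pass straight through, anything matching the gate blocks until a human types `yes` on the terminal. Setting `BNBOT_DRY_RUN=1` while testing a prompt flow prints the command instead of running it.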
If the local bridge is exposed or weakly authenticated, other local software or browser contexts might be able to interact with a channel that controls account actions or returns scraped account data.
The CLI/agent communicates with the Chrome extension through a local WebSocket service, but the artifacts do not document authentication, origin checks, localhost binding, or data boundaries.
start the WebSocket daemon: `nohup bnbot serve > /tmp/bnbot.log 2>&1 &` ... `lsof -i :18900` ... turn on **OpenClaw**
Run it only on trusted machines, confirm the daemon binds only to localhost and uses access controls, and stop it when not actively using the skill.
The account-control bridge may remain running after the intended task and continue logging to /tmp.
The background daemon is disclosed and purpose-aligned, but it persists after setup and no stop/lifecycle guidance is provided.
`nohup bnbot serve > /tmp/bnbot.log 2>&1 &` ... `If empty, restart it`
Start the daemon only when needed, learn how to terminate it, and remove logs if they may contain sensitive output.
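The following is an added example, not code from the BNBot skill or from the ClawScan report. It covers the two daemon findings above: a check that whatever is listening on port 18900 is bound only to a loopback address (the artifacts do not say it is), and a start/stop pair that records the daemon's pid so the bridge and its /tmp log are removed when the task is done. The listener check parses `ss -ltn` or `lsof -nP -i :18900` output fed on stdin; the sample lines embedded below are constructed for illustration, not captured from a real host. BNBOT_BIN, BNBOT_PORT, BNBOT_PIDFILE and BNBOT_LOG are names chosen for this example, not settings of the skill.

```shell
# Added example (not part of the BNBot skill or the ClawScan report):
# verify the local WebSocket bridge is loopback-only and give it a lifecycle.
BNBOT_BIN="${BNBOT_BIN:-bnbot}"
BNBOT_PORT="${BNBOT_PORT:-18900}"
BNBOT_PIDFILE="${BNBOT_PIDFILE:-/tmp/bnbot.pid}"
BNBOT_LOG="${BNBOT_LOG:-/tmp/bnbot.log}"

# Constructed sample lines (not from a real host): one ss line with a loopback
# listener, one ss line for another port, and one lsof line bound to all
# interfaces. Feeding these to loopback_only 18900 must report the last one.
SAMPLE_LISTENERS='LISTEN 0 128 127.0.0.1:18900 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
node 4242 me 23u IPv4 0x0 0t0 TCP *:18900 (LISTEN)'

# Read `ss -ltn` or `lsof -nP -i` style lines from stdin. For every LISTEN line,
# find the field ending in ":$1" and print it unless the address part is a
# loopback address. Returns 0 when all listeners on that port are loopback-only.
loopback_only() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                f = $i
                if (f !~ (":" port "$")) continue
                addr = substr(f, 1, length(f) - length(port) - 1)
                if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1" || addr == "localhost") continue
                print "exposed listener: " f
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }'
}

# Start the daemon only for the task at hand and remember its pid.
start_daemon() {
    nohup "$BNBOT_BIN" serve >"$BNBOT_LOG" 2>&1 &
    echo $! >"$BNBOT_PIDFILE"
}

# Stop the bridge and delete the log, which may hold scraped account data.
stop_daemon() {
    if [ -f "$BNBOT_PIDFILE" ]; then
        kill "$(cat "$BNBOT_PIDFILE")" 2>/dev/null || true
        rm -f "$BNBOT_PIDFILE"
    fi
    rm -f "$BNBOT_LOG"
}
```

Typical use: `start_daemon`, then `ss -ltn | loopback_only "$BNBOT_PORT"` (or `lsof -nP -i :"$BNBOT_PORT" | loopback_only "$BNBOT_PORT"` on macOS) before connecting the extension; a non-zero exit means something on that port is reachable from other hosts and the daemon should be stopped until its binding is understood. `stop_daemon` at the end of the task keeps the account-control bridge from outliving the work that needed it.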
Users may overtrust the automation and underestimate reputation, moderation, or account-enforcement consequences.
The safety and ban-avoidance wording is not backed by documented safeguards in the artifacts and may lead users to underestimate account or platform-policy risk.
description: The safest and most efficient way to automate Twitter/X ... Grow your Twitter without API bans.
Treat these as marketing claims, review X/Twitter rules yourself, and use conservative limits and manual review.
