ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bb Browser Skill

v1.0.0

Automate Chromium browser via Chrome DevTools Protocol on host to run 103 commands across 36 platforms with real sessions and cookies through bb-browser daemon.

0· 324·1 current·1 all-time
by@chatgptnexus

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chatgptnexus/bb-browser-claw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Bb Browser Skill" (chatgptnexus/bb-browser-claw) from ClawHub.
Skill page: https://clawhub.ai/chatgptnexus/bb-browser-claw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install bb-browser-claw

ClawHub CLI

Package manager switcher

npx clawhub@latest install bb-browser-claw
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Chrome CDP automation using a host bb-browser daemon to use real sessions/cookies) matches the instructions: SKILL.md shows commands that call the bb-browser binary and CDP operations. The required host-side daemon and browser sessions are explicitly documented and are necessary for the stated functionality.
Instruction Scope
Instructions remain inside the stated purpose (running adapters and raw CDP commands). However, the documented capabilities include capturing network traffic, evaluating arbitrary JS, taking snapshots, and accessing adapters that require logged-in sessions — all of which can read sensitive browsing data (cookies, session content). This is expected for a tool that controls a real browser, but it materially increases the sensitivity of granting the skill access.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes on-disk installation risk. The skill relies on a host-provided binary (bind-mounted into the container), which is documented in SKILL.md.
Credentials
The skill declares no environment variables or credentials, which is appropriate. That said, because it expects a host daemon and a bind-mounted binary, granting the container access to that binary/daemon implicitly grants the agent access to the host browser's sessions and cookies (sensitive data). Lack of declared secrets does not eliminate the ability to observe or exfiltrate browser data via the daemon.
Persistence & Privilege
always is false and the skill is user-invocable. Normal autonomous invocation is allowed by default; combined with access to the host bb-browser daemon the agent could be used to perform actions against the user's browser during autonomous runs, so consider invocation policy. The skill does not request persistent modifications to agent configuration.
Assessment
This skill appears to do what it says: it will control a real Chromium instance on your host and can see cookies/sessions. Before enabling it, ensure you: (1) trust the host bb-browser binary/daemon (audit its source and integrity); (2) avoid bind-mounting your real browser profile into untrusted containers or limit which containers can access the daemon; (3) restrict or review autonomous invocation if you don't want the agent to access your browser without manual approval; and (4) consider network/egress controls because outputs could be exfiltrated. If you are uncomfortable with any of those, do not grant the container access to the host bb-browser daemon or restrict the skill's permission to run.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b65e9dby070j1psdtkk5sqn83c9sb
324downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@chatgptnexus
latest
Download

bb-browser Skill

Chrome CDP automation with 103 commands across 36 platforms. Runs via the bb-browser daemon on the host machine, accessible from inside the Rabbit container.

How It Works

bb-browser connects to a real Chromium instance on the host via Chrome DevTools Protocol (CDP). The daemon runs at localhost:19824. Commands execute within the actual browser — with real cookies and sessions — so you can access logged-in content without any API keys.

The binary is available inside the container at /usr/local/bin/bb-browser (bind-mounted from host).

Basic Syntax

# Run a site adapter
bb-browser site <adapter>/<command> [args]

# List all available adapters
bb-browser site list

# Get adapter usage details
bb-browser site info boss/search

# Output as JSON
bb-browser site <adapter>/<command> [args] --json

Key Adapters Available

Job Search (BOSS直聘)

bb-browser site boss/search '工程师 上海' --json
bb-browser site boss/detail <job_url>

⚠️ BOSS has anti-bot detection. If you see 您的环境存在异常, the browser session needs a manual BOSS visit to solve captcha first.

Twitter / X

bb-browser site twitter/search 'AI agent 2025' --json
bb-browser site twitter/bookmarks --json
bb-browser site twitter/notifications --json
bb-browser site twitter/tweets <username> --json
bb-browser site twitter/user <username> --json
bb-browser site twitter/thread <tweet_url> --json

小红书 (Xiaohongshu)

bb-browser site xiaohongshu/search '东京旅游' --json
bb-browser site xiaohongshu/feed --json
bb-browser site xiaohongshu/note <note_url> --json
bb-browser site xiaohongshu/me --json
bb-browser site xiaohongshu/user_posts <user_id> --json

Note: Requires logged-in XHS session in Chromium.

Bilibili

bb-browser site bilibili/search 'Claude AI' --json
bb-browser site bilibili/trending --json
bb-browser site bilibili/popular --json
bb-browser site bilibili/feed --json
bb-browser site bilibili/history --json

Weibo

bb-browser site weibo/hot --json
bb-browser site weibo/feed --json
bb-browser site weibo/search <keyword> --json
bb-browser site weibo/user <uid_or_name> --json

Zhihu

bb-browser site zhihu/hot --json
bb-browser site zhihu/search <keyword> --json
bb-browser site zhihu/question <question_url> --json

Finance & Markets

bb-browser site xueqiu/hot-stock 5 --json
bb-browser site xueqiu/stock <code> --json
bb-browser site eastmoney/news --json
bb-browser site yahoo-finance/quote AAPL --json

Research / News

bb-browser site google/search 'Claude AI 2025' --json
bb-browser site reddit/hot programming --json
bb-browser site hackernews/top --json
bb-browser site arxiv/search 'LLM agents' --json
bb-browser site github/issues owner/repo --json

Translation

bb-browser site youdao/translate '株式会社' --json

Browser Direct Control

For sites without adapters, use raw CDP commands:

bb-browser open <url>                  # Open URL in current tab
bb-browser open <url> --tab            # Open in new tab
bb-browser snapshot -i                 # Screenshot + page snapshot
bb-browser tab                         # List open tabs
bb-browser tab <index>                 # Switch to tab
bb-browser eval "document.title"       # Run JS in active tab
bb-browser network requests --json     # Capture network traffic

Calling from OpenClaw Skills

When you want to use bb-browser in a Python subprocess inside the container:

import subprocess, json

result = subprocess.run(
    ['bb-browser', 'site', 'twitter/search', query, '--json'],
    capture_output=True, text=True, timeout=30
)
data = json.loads(result.stdout)

Or from a skill shell script:

bb-browser site zhihu/hot --json | python3 -c "import json,sys; items=json.load(sys.stdin); print('\n'.join(i['title'] for i in items[:5]))"

Requirements

  • bb-browser daemon running on host at localhost:19824
  • Real Chrome/Chromium browser open with bb-browser extension installed
  • For site-specific adapters: active logged-in session in that browser

Comments

Loading comments...