Bb Browser Sites
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for browser-based web extraction, but it should be reviewed because it uses downloaded community adapters with your logged-in browser sessions.
Install only if you trust bb-browser and the source of its community adapters. Consider using a separate browser profile, avoid logging into sensitive accounts, review adapter updates before use, and run site commands only when you explicitly want the agent to access that website.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to run bb-browser commands beyond the shown examples, including commands that affect browser state or adapter state.
The skill allows any bb-browser subcommand via Bash, while the documented use case is narrower website data extraction with bb-browser site commands.
allowed-tools: Bash(bb-browser:*)
Prefer a narrower tool allowlist if available, and require explicit user approval for adapter updates, login-related actions, or any non-read browser automation.
Unreviewed or changed adapters could run through the browser against logged-in sites and access account-specific pages.
The skill instructs a runtime pull of community adapters, but the supplied artifacts do not identify the adapter source, version pinning, integrity checks, or review process.
# First time: pull community adapters bb-browser site update
Only update adapters from a trusted, documented source; maintainers should publish the adapter repository, pin versions or checksums, and describe the review process.
Commands may read private or account-specific website content using your existing browser login state.
The skill explicitly uses authenticated browser sessions across many sites, but the artifacts do not clearly bound which sessions may be used or what private account data may be accessed.
One-liner structured data from any website using your login state.
Use a separate browser profile or account for this skill, run commands only for sites you explicitly choose, and ask the maintainer to document session scope and data handling.
Your browsing patterns could reveal sensitive interests, accounts, work projects, or personal activity.
The recommend command appears to inspect browsing habits, but the artifacts do not explain which browser history/profile data is read, whether it stays local, or whether it is retained.
# See which adapters match your browsing habits bb-browser site recommend
Avoid the recommend command unless you trust the tool's data handling; maintainers should document what browsing data is inspected, where it is processed, and retention behavior.