ClawHub

bb-browser

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent but needs review because it can use your logged-in OpenClaw browser session and community site adapters to extract account-visible website data.

Install only if you are comfortable letting bb-browser operate through your current OpenClaw browser sessions. Prefer a separate or least-privileged browser profile, review community adapters before updating, avoid sensitive accounts unless necessary, and approve each target site and command intentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill explicitly invites turning arbitrary websites into bb-browser adapters and even says the agent can reverse-engineer APIs, write adapters, test them, and submit a PR. In the context of a tool that runs inside the user's logged-in browser state, this broad framing can cause overbroad execution on user requests and increase the chance of automating access to sensitive or authenticated sites without sufficient scoping or consent boundaries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill prominently markets structured extraction from websites using the user's existing login state, but the early description does not clearly warn that commands may access authenticated session data from OpenClaw's browser. That omission can mislead users into running commands against sites where they are logged in, exposing private account data or causing unintended access to non-public information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal