Skillv0.6.0

ClawScan security

bb-browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 15, 2026, 5:46 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's purpose matches the bb-browser CLI, but the runtime instructions reference OpenClaw tooling and community adapter downloads that are not declared in the skill metadata, creating incoherence and a modest safety risk.
Guidance: This skill is broadly coherent with its stated goal of wrapping websites as bb-browser commands, but there are two important mismatches to verify before installing: (1) SKILL.md assumes OpenClaw's 'openclaw' browser CLI and use of '--openclaw', yet the skill metadata does not list openclaw as a required binary or allowed tool—confirm that your agent environment provides the OpenClaw browser CLI and that the skill will be permitted to call it; (2) the quick start tells users to run 'bb-browser site update' to pull community adapters, which likely downloads third-party code at runtime—review where those adapters come from (their source URLs/reputations) and inspect them before allowing updates. Also ask the publisher for a homepage/source and a provenance statement for adapters. If you proceed, install a trusted bb-browser binary from an official source, avoid blindly running 'site update' until you can audit the downloaded adapters, and be cautious about running commands that use your browser login state (they can access pages available to your logged-in account).

Review Dimensions

Purpose & Capability: concernThe skill claims to turn websites into CLI commands and correctly requires the bb-browser binary; however the SKILL.md repeatedly requires/assumes OpenClaw's browser (e.g., 'openclaw browser open ...' and the mandatory '--openclaw' flag). The manifest does not declare the openclaw binary or any env/config access. This mismatch between description/instructions and declared requirements is incoherent.
Instruction Scope: concernInstructions are mostly scoped to running bb-browser commands, but they also (a) instruct the user/agent to open OpenClaw's browser for login and rely on browser login state, and (b) instruct 'bb-browser site update' to 'pull community adapters'—which implies fetching and installing third‑party adapters/code at runtime. Those operations involve network downloads and use of another CLI (openclaw) that are not represented in the declared allowed-tools or required binaries.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files, so nothing will be written to disk by the skill bundle itself. The primary runtime risk comes from bb-browser's own behavior (e.g., updating/pulling community adapters), not from a packaged installer in the skill.
Credentials: noteThe skill declares no environment variables and requests no credentials. However it depends on the user's OpenClaw browser login state (cookies/session) to access authenticated pages; that reliance is reasonable for the stated purpose but is not declared as a required capability and can expose authenticated content if bb-browser adapters fetch or transmit sensitive data.
Persistence & Privilege: okalways is false (default) and the skill is user-invocable. Autonomous invocation is allowed by default on the platform; there is no additional persistence requested by this skill's metadata.