Skills
skills/peiiii/nextclaw/bb-browser/Gen Agent Trust Hub

bb-browser

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the bb-browser package from the NPM registry, which is a third-party dependency not maintained by the skill author.
  • [COMMAND_EXECUTION]: The skill uses local shell commands to perform environment checks, start background processes, and execute browser automation tasks via the bb-browser CLI.
  • [REMOTE_CODE_EXECUTION]: Provides an eval capability that allows executing arbitrary JavaScript within the browser context, which could be exploited if influenced by malicious input.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface. The skill ingests data from external websites through site adapters and snapshots. Maliciously crafted content on these sites could attempt to manipulate the agent's behavior, leveraging its ability to perform browser actions like clicking, form filling, and script evaluation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 09:42 PM