bb-browser
bb-browser is a CLI (and optional Chrome extension/daemon) plus an MCP server wrapper that lets AI agents control a real Chrome browser session using the user’s existing login state. It can run browser automation (click/fill/eval/fetch/network/screenshot) and provides “site adapters” (one JS file per command) to perform site-specific actions like search, feeds, transcripts, summaries, and more, returning results as JSON when requested.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security is primarily tied to the user’s existing authenticated browser session; there is no explicit scope/permission model beyond what the browser session permits. The daemon can bind to public interfaces (0.0.0.0) which increases exposure risk if not protected. The README does not describe how session secrets/cookies are stored, redacted from logs, or encrypted, nor does it document threat model controls for eval/injection capabilities.
⚡ Reliability
Best When
You have a user-owned Chrome login session and need an agent to interact with complex, auth-gated web UIs and extract results into structured JSON.
Avoid When
You cannot securely handle user credentials/session state, need fine-grained permissioning beyond what the user browser already has, or require clear published rate-limit/error-contracts for reliable automation.
Use Cases
- • Agentic web research across many sites using existing authenticated sessions
- • Building chat/agent workflows that need interactive browser actions (search, navigation, scraping-like data extraction) without APIs
- • Retrieving authenticated content such as social feeds, watchlists, and transcripts
- • Generating structured outputs for downstream processing via --json and --jq
Not For
- • Use as a general-purpose headless web-scraping tool for arbitrary unauthenticated targets
- • Operations requiring strict compliance boundaries around automated access or sensitive personal data handling
- • Workloads that need strong idempotency/transactional guarantees (browser actions are stateful)
Interface
Authentication
Authentication is effectively whatever permissions the user’s logged-in Chrome session already has; bb-browser itself does not appear to introduce a separate OAuth flow or scope model in the provided README.
Pricing
No pricing information provided in the supplied content.
Agent Metadata
Known Gotchas
- ⚠ Statefulness: actions depend on the user’s current browser session and UI state
- ⚠ Network/content variability: adapters may break when a site changes
- ⚠ SSO/2FA prompts can block automation until user re-authenticates
- ⚠ Running with --host 0.0.0.0 exposes the daemon to the network; remote access should be tightly controlled
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for bb-browser.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-29.