Skill v1.0.0

ClawScan security

Answers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 2, 2026, 9:02 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is a coherent wrapper for Brave Search's 'Answers' API, but its runtime instructions require a Brave API key while the skill metadata declares no required credentials; this mismatch is unexpected and should be resolved before trusting the skill.
Guidance: This skill appears to call Brave Search's Answers API and will need a Brave API key to work, but the skill's metadata does not declare any required credentials; that mismatch is the main red flag. Before installing:
(1) Confirm you trust the skill owner and that the skill metadata is corrected to declare the required BRAVE_SEARCH_API_KEY (or similar) so you know what secret the skill will use.
(2) Use a limited-scope or dedicated Brave API key (not a shared or long-lived global secret) and verify billing/quotas on the Brave dashboard.
(3) Understand that user prompts and any context you provide will be sent to api.search.brave.com (research mode streams more and runs multiple queries), so avoid sending sensitive data.
(4) If you need higher assurance, ask the publisher to update the skill manifest to list required env vars (primaryEnv) and include a homepage/source so you can verify provenance.
If you can't verify those, treat the skill as untrusted.

Review Dimensions

Purpose & Capability
note: The name/description claim AI-grounded answers via an OpenAI-compatible /chat/completions endpoint, and the SKILL.md shows exactly that using https://api.search.brave.com/res/v1/chat/completions. Requiring network access to Brave Search is consistent with the stated purpose.
Instruction Scope
note: The SKILL.md stays within the stated scope: it provides example requests, parameters, and behaviors (single-search vs research mode). It instructs the agent to send user messages to a third-party API (Brave Search) and to include an API key header. It does not attempt to read local files or unrelated system state. Important: the docs explicitly require an API key and subscription token for Brave Search.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or installed; this is the lowest install risk.
Credentials
concern: The SKILL.md examples and auth notes require a Brave API key (e.g., an X-Subscription-Token or Authorization: Bearer header) and reference an environment variable BRAVE_SEARCH_API_KEY, but the skill metadata lists no required environment variables or primary credential. This is a metadata integrity issue out of proportion with the rest of the skill: it will need a secret at runtime but does not declare it, so a user cannot tell from the manifest what secret the skill will read or send.
Persistence & Privilege
ok: The skill is not always-enabled and does not request system persistence or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege requests.