ClawHub

Brave Search

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a search helper, but it embeds and recommends a shared fallback credential instead of requiring a user-controlled key.

Install only if you are comfortable with search queries being sent through a shared/default credential path. Prefer a version that removes the hardcoded fallback, requires your own API key, and clearly documents what service receives your search terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares environment-variable use and references local scripts, but it does not declare explicit permissions despite having capabilities to read environment data and files. This can mislead users and hosting platforms about what the skill can access, reducing transparency and weakening least-privilege controls.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script loads a router credential from an environment variable but silently falls back to a hardcoded key. Embedding a usable access key in code creates an unauthorized access risk if the skill is distributed publicly, and it can enable abuse of the upstream router service outside the intended environment.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code retrieves a router credential from the environment but silently falls back to a hardcoded access key. Embedding a usable default credential in distributed code can enable unauthorized use of the backend service, accidental key reuse across deployments, and makes credential rotation and access control much harder. In a simple Brave search wrapper, this capability is not necessary for local functionality and increases risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation instructs users to fall back to a shared demo key, which encourages authentication with a credential that is public, reused, and outside the user's control. Shared keys enable abuse, make activity attribution impossible, and can expose users to quota exhaustion, service disruption, or unintended data disclosure through a third-party account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal