alexey-brave-search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a benign web-search helper, but its documentation is inconsistent about using the Brave API/key and it requires a manual npm dependency install plus external web fetching.
Before installing, be comfortable running npm ci for this skill’s dependencies and note that the code appears to scrape Brave search results rather than use the official Brave Search API or BRAVE_API_KEY. Use it for public web searches and selected public URLs, and treat all returned page content as untrusted web text.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may download and install npm dependencies on the local machine.
The skill requires a manual npm dependency installation even though the registry says there is no install spec. This is common for Node-based helper scripts, but users should notice that package code will be installed.
Run once before first use:
cd ~/Projects/agent-scripts/skills/brave-search
npm ci
Install only from the expected skill directory, keep the lockfile intact, and review dependency changes before updating.
Users may incorrectly assume the official Brave API and API key are being used.
The implementation queries Brave’s public search HTML page, while the skill description says it uses the Brave Search API and SKILL.md says it needs BRAVE_API_KEY. This appears to be a documentation/implementation mismatch rather than credential abuse.
const url = `https://search.brave.com/search?q=${encodeURIComponent(query)}`;
Do not rely on the advertised API-key behavior unless the implementation is updated; treat it as a Brave web-search scraper based on the included code.
Running the content extractor sends a request from the user’s environment to the chosen URL and returns page text.
The content extractor fetches a user-supplied URL. That is central to the skill’s purpose, but it means the command can make outbound requests to arbitrary URLs.
const url = process.argv[2];
...
const response = await fetch(url, {
Use it for public web pages you intend to fetch; avoid sensitive internal or private-network URLs unless that is explicitly intended.
A webpage could include text that tries to influence the agent if treated as instructions rather than source material.
Fetched webpage content is printed back for the agent/user to consume. Webpage text can contain untrusted instructions or misleading content, although this skill does not persist it or make it authoritative.
if (r.content) {
  console.log(`Content:\n${r.content}`);
}
Treat search snippets and extracted page content as untrusted reference material, not as instructions to the agent.
