
Security audit

alexey-brave-search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward web search and page-content extraction helper, with some documentation imprecision but no evidence of hidden access, persistence, or destructive behavior.

Install only if you are comfortable with a CLI skill that sends search queries to Brave and fetches public web pages for extraction. Treat fetched page text as untrusted reference material, and note that this appears to be a Brave web scraper rather than an official Brave Search API client despite the API-key wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill advertises network-capable behavior but does not declare permissions, which weakens policy enforcement and makes its actual capabilities less transparent to the agent runtime and reviewers. Hidden or undeclared network access can enable unintended external requests, data exfiltration, or unsafe use in contexts where networked skills should be restricted.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The documented behavior says the skill uses the Brave Search API, but the analyzed behavior reportedly also includes arbitrary URL fetching and HTML scraping of search results. This mismatch is dangerous because users and policy systems may trust the narrower stated purpose while the skill can access broader web content paths, increasing the chance of unreviewed data access, SSRF-like internal fetches if reachable, or bypass of expected API-based controls.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation scope is broad enough to match many routine requests involving facts, documentation, or web content, which can cause over-invocation of a networked skill. In practice, this increases exposure by sending more user queries to external services than necessary and can unexpectedly expand the situations in which arbitrary web retrieval is triggered.

VirusTotal

64/64 vendors flagged this skill as clean.
