Brave Search Old
Pass
Audited by ClawScan on May 10, 2026.
Overview
This looks like a straightforward web search and content extraction skill, but its docs are inconsistent about Brave API-key use and fetched web pages should be treated as untrusted.
Install only if you are comfortable with search queries being sent to Brave and selected pages being fetched over the network. Do not set a Brave API key unless the skill is updated to use it. Treat all fetched web page text as untrusted and avoid letting the agent follow instructions from search results without your confirmation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may think this uses Brave's official API when it actually appears to scrape Brave's web search page, which can affect reliability, terms-of-use expectations, and privacy assumptions.
The implementation fetches and parses Brave's public HTML search page, while the skill description claims use of the Brave Search API and SKILL.md says an API key is needed. This appears more like stale or inaccurate documentation than malicious behavior, but it affects user expectations.
```js
const url = `https://search.brave.com/search?q=${encodeURIComponent(query)}`;
...
const snippets = doc.querySelectorAll('div.snippet[data-type="web"]');
```
Clarify the documentation and metadata to state whether it uses the official API or web-page scraping, and do not provide an API key unless updated code actually needs it.
A user might configure or expose a Brave API key unnecessarily.
The skill documentation asks for a provider credential, but the registry metadata lists no required environment variables and the provided source does not show credential use.
Needs env: `BRAVE_API_KEY`.
Only set BRAVE_API_KEY if the skill is corrected to use the official Brave API and the metadata declares that credential requirement.
A malicious or compromised web page could try to influence the agent if its content is treated as instructions instead of evidence.
When --content is used, third-party web page text is fetched and printed into the agent context. Such pages can contain prompt-like instructions or misleading content.
```js
if (fetchContent) { ... result.content = await fetchPageContent(result.link); }
...
console.log(`Content:\n${r.content}`);
```
Treat fetched search results and page content as untrusted data, and require user confirmation before acting on instructions found in web pages.
If misused, the tool could fetch unexpected URLs, including private or internal web endpoints reachable from the user's machine.
The content extractor fetches a URL supplied on the command line without domain allowlisting. This is expected for a web content extractor, but it means the agent can request arbitrary HTTP(S) locations.
```js
const url = process.argv[2];
...
const response = await fetch(url, { ... signal: AbortSignal.timeout(15000), });
```
Use it only for intended public URLs or user-approved targets, and consider adding URL scheme/domain validation if the skill will be used autonomously.
Installing dependencies runs the normal npm supply-chain path and may fail or install in the wrong place if the hard-coded path is not the actual skill location.
The registry says there is no install spec, but the skill documentation instructs a user-directed npm dependency install in a hard-coded local path. The package files are present and this is normal for a Node helper, but it is still dependency/provenance-relevant.
Run once before first use:
```bash
cd ~/Projects/agent-scripts/skills/brave-search
npm ci
```
Verify the installation directory, review package.json/package-lock.json, and install dependencies only from a trusted copy of the skill.
