ClawHub
Back to skill
v1.4.0

Brave Search CLI (bx)

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:18 AM.

Analysis

This appears to be a legitimate Brave Search CLI integration, but it routes web searches through an external command/API and includes remote installer instructions users should review.

GuidanceThis skill is reasonable if you want your agent to use Brave Search through the `bx` CLI. Before installing, make sure you trust the Brave CLI source, handle the API key carefully, and remember that web-search results should not be treated as trusted instructions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
use `bx` via `exec` for all web searches. Do not use the built-in `web_search` tool.

This explicitly changes the agent’s web-search routing to the Brave CLI whenever the skill is active.

User impactYour agent may send all web-search-style requests through `bx` instead of its normal built-in search tool.
RecommendationInstall only if you want Brave Search CLI to be the default search route; explicitly tell the agent if you want a different search tool used.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusNote
SKILL.md
curl -fsSL https://raw.githubusercontent.com/brave/brave-search-cli/main/scripts/install.sh | sh

The setup instructions include running a remote installer script from GitHub directly in the shell. This is purpose-aligned for installing the CLI, but users should verify the source.

User impactIf you follow the quick-start install command, you execute code fetched from the internet on your machine.
RecommendationPrefer official release binaries where possible, inspect installer scripts before running them, and verify you are using the intended Brave repository.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Primary credential: BRAVE_SEARCH_API_KEY

The skill requires a Brave Search API key, which is expected for this service but is still a credential users must protect.

User impactSearches may consume your Brave Search API quota or credits, and the API key must remain private.
RecommendationUse a dedicated API key, avoid placing it in command history, and revoke or rotate it if it may have been exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
It returns pre-extracted, relevance-scored web content ready for LLM prompt injection.

The skill is designed to feed retrieved web content into the agent context. Web content is untrusted and may contain misleading or instruction-like text.

User impactSearch results could include hostile or misleading webpage text that attempts to influence the agent’s behavior.
RecommendationTreat retrieved web content as untrusted data, verify important claims, and do not let webpage text override your instructions.