Brave Search MCP Server

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Brave Search MCP skill, with expected search/API-key risks but no evidence of hidden, destructive, or deceptive behavior.

Before installing, confirm the npm package or GitHub repository is the Brave-controlled source, consider pinning a known version, use a dedicated Brave API key, and avoid sending secrets, confidential business data, or precise personal locations unless you intend to share them with Brave Search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description and usage guidance are very broad, encouraging invocation for many generic internet-information tasks. In practice, this can cause the agent to route a wide range of user requests to an external search provider unnecessarily, increasing data exposure and creating an overly permissive tool-selection surface.

Missing User Warnings

Medium
Confidence: 96%
Finding
The markdown promotes search and local POI features but does not clearly warn that user queries, including possibly sensitive topics and location data, are transmitted to Brave's external service. This can lead to unintentional disclosure of personal, confidential, or regulated information because users and agent developers may not realize data leaves the local environment.

VirusTotal

64/64 vendors flagged this skill as clean.
