Brave Search MCP Server
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Brave Search integration, but using it means running an external npm/GitHub MCP server and giving it a Brave API key.
Before installing, confirm the npm package and GitHub repository are genuinely controlled by Brave, consider pinning a known version, use a dedicated Brave API key, and avoid sending sensitive search terms or precise locations unless you are comfortable sharing them with Brave Search.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the package executes code supplied outside this skill artifact.
The setup uses external npm/GitHub sources and does not pin a version. This is normal for an MCP server install, but users should verify the package and repository provenance before running it.
npm install -g @brave/brave-search-mcp-server ... npx ... @brave/brave-search-mcp-server ... git clone https://github.com/brave/brave-search-mcp-server
Verify that the npm package and GitHub repository are Brave-controlled, and consider pinning a trusted version instead of relying on the latest package.
The configured server can use the user's Brave Search API quota and any permissions associated with that key.
The MCP configuration expects a Brave API key. That is purpose-aligned for Brave Search, but it grants access to the user's API quota/account and is not declared in the registry metadata.
"env": { "BRAVE_API_KEY": "YOUR_API_KEY_HERE" }Use a dedicated Brave API key with the least necessary access, store it only in the MCP environment, and monitor usage or revoke it if no longer needed.
Sensitive search terms or precise locations included in prompts may be shared with Brave's API.
The skill sends search queries, and potentially locations for local search, to an external search API. This is the core purpose of the tool but is still a data-sharing boundary users should notice.
Provides comprehensive search capabilities ... Brave Search API ... `location` (optional) - City, address, coordinates
Avoid putting private personal, business, or precise location details into searches unless you intend to send them to the Brave Search API.