Brave Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Brave Search API helper, but users should understand that queries, optional location data, and connection management go through Maton using their API key.

Install only if you are comfortable giving the agent a Maton API key and routing Brave Search requests through Maton. Review any connection creation or deletion before approving it, and avoid sending precise latitude/longitude unless location-aware search is truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The manifest frames the skill as simple search, but the body also documents connection lifecycle operations including create and delete. This expands the effective capability surface beyond what callers may expect, increasing the chance an agent invokes account-affecting actions without appropriate review or policy gating.

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The manifest omits local POI lookup, autosuggest, spellcheck, and summarizer features, so consumers may treat the skill as narrower and less privacy-sensitive than it really is. Hidden or undocumented capability expansion undermines informed consent, policy review, and least-privilege routing decisions.

Intent-Code Divergence

Medium (90% confidence)
Finding
The documentation claims all write operations require explicit user approval, but it provides direct create/delete examples with no technical enforcement or workflow guard. In an agent setting, documentation-only safeguards are weak and can lead to unintended state changes if the agent follows examples literally.

Missing User Warnings

Medium (87% confidence)
Finding
The location example sends precise latitude/longitude and related location metadata to an external service without a strong privacy warning or minimization guidance. In an agent context, this can expose sensitive user whereabouts or habitual locations beyond what is necessary for many queries.

VirusTotal

63/63 vendors flagged this skill as clean.
