Brave Search

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Brave Search integration. The main things to notice are Maton API-key use, Maton gateway routing, and documented connection-management actions.

Install this skill only if you are comfortable letting the agent use your MATON_API_KEY to send Brave Search requests through Maton. Review any connection create/delete request carefully, and avoid using it for highly sensitive searches unless Maton's gateway and privacy model meet your needs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed with MATON_API_KEY available, the agent can make Brave Search API calls using the user's Maton account context.

Why it was flagged

The skill requires a bearer API key to act through the user's Maton-managed Brave Search access.

Skill content

All requests require the Maton API key in the Authorization header: ... Authorization: Bearer $MATON_API_KEY

Recommendation

Use a key you are comfortable delegating to the agent, keep it secret, and rotate it if it is exposed.

What this means

Search terms can reveal private interests or work topics and will be sent to Maton's API gateway as part of normal use.

Why it was flagged

The skill routes search requests through Maton's gateway before reaching Brave Search, so search queries and responses pass through an external provider.

Skill content

Base URL ... https://api.maton.ai/brave-search/{native-api-path} ... Maton proxies requests to `api.search.brave.com`

Recommendation

Avoid sending highly sensitive queries unless you are comfortable with Maton's role as the managed API gateway.

What this means

With user approval, the agent could change the user's Maton connection state, such as creating or deleting a Brave Search connection.

Why it was flagged

The skill documents API calls that can create or delete managed Brave Search connections, while also instructing explicit approval for write operations.

Skill content

Create Connection ... method='POST' ... Delete Connection ... method='DELETE' ... All write operations require explicit user approval.

Recommendation

Before approving any create or delete action, verify the target connection ID and the intended effect.