Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Power Search

v2.1.2

Self-hosted research tool combining Brave Search API + Browserless content fetching. Search the web with optional full-page content extraction and HTML parsing.

by Church (@churchtg7)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign (View report →)

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code, SKILL.md, and package manifest implement a CLI and a Telegram handler that call Brave Search and a Browserless instance, which matches the description. However, the registry metadata declares no required environment variables or binaries, while SKILL.md and the runtime code require Docker, Node, npm and a BRAVE_API_KEY. Omitting a required secret and a runtime dependency from the registry entry is an incoherence that could mislead users about which credentials and install steps are needed.
Instruction Scope
SKILL.md describes installing Docker/Browserless, setting BRAVE_API_KEY, and using the 'search' CLI or the Telegram integration, and the code follows those instructions. The handler and runners fetch external URLs and POST them to the configured Browserless host. The instructions assume a local Browserless, but nothing in the code prevents BROWSERLESS_HOST from being set to a remote host, which would redirect every fetch to an external endpoint. SKILL.md also references a placeholder GitHub clone URL ('yourusername') while the skill's Source/Homepage fields are unknown, an inconsistency in the distribution instructions.
Install Mechanism
The skill is listed as instruction-only (no install spec), yet the bundle includes code files and a package.json that declares a 'search' binary. Installation guidance relies on clawhub or git+npm install, plus running Docker for Browserless. There is no remote binary download or obfuscated installer, which lowers install risk, but the missing canonical source/homepage and the placeholder git URL reduce transparency.
Credentials
The runtime code requires a sensitive environment variable, BRAVE_API_KEY, and optionally BROWSERLESS_HOST and BROWSERLESS_PORT. The registry metadata declared no required env vars, which is an omission. The Telegram integration does not request Telegram credentials (acceptable if the platform routes messages), but BRAVE_API_KEY is essential and sensitive and should have been declared. Because Browserless fetches whatever URL it is given, a BROWSERLESS_HOST pointing at a remote or attacker-controlled host would receive, and could relay or exfiltrate, the content of every fetched page. The documentation suggests a local Browserless, but the code accepts any host.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It is user-invocable and, by default, can be invoked autonomously by the agent, which is normal. The code does not attempt to modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement the advertised Brave Search + Browserless fetcher, but check a few things before installing:
- Expect to set BRAVE_API_KEY in your environment; the registry metadata omitted it. Do not proceed without providing the key deliberately.
- Prefer running Browserless locally, as the docs recommend. If you set BROWSERLESS_HOST to a remote service, that host will receive the HTML of every page the skill fetches; treat that as sensitive.
- The package includes a placeholder git clone URL and no homepage/source; verify the canonical repository URL and the package's authenticity before trusting it.
- Review the included scripts (brave-search.js, browserless.js, telegram-handler.js) yourself to confirm they match your expectations; the code is plain JS and small enough to audit.
- If you expose this as a Telegram-commandable skill to others, be aware that it will fetch arbitrary URLs discovered from search results. Consider rate limiting, content sanitization, and restricting which hosts may be fetched, so that a crafted or poisoned search result cannot steer Browserless at internal resources (loopback, private ranges, cloud metadata endpoints).
Given the mismatches and the ability to fetch arbitrary pages, treat this as suspicious until you have confirmed the source and configured Browserless and keys securely.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/search-runner.js:11: Environment variable access combined with network send.
scripts/search.js:8: Environment variable access combined with network send.
scripts/telegram-handler.js:11: Environment variable access combined with network send.


latest · vk97bhf49w7xp25z9xr1b68rfy1848yy6
