ClawHub

Brave Api Setup

v0.1.2

Set up Brave Search API for OpenClaw web_search. Use when user needs to configure Brave API, get Brave API key, enable web search, or fix "missing_brave_api_key" error.

1· 1.6k·5 current·5 all-time
by@garibong-labs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask to configure Brave API for OpenClaw web_search. Required binary (node) and the included node script that writes to ~/.openclaw/openclaw.json are exactly what you'd expect for applying an API key. No unrelated credentials or services are requested.
Instruction Scope
SKILL.md instructs the agent to use the OpenClaw browser profile to navigate the Brave API dashboard, click reveal, and run an in-page JS evaluation to extract the BSA key, then call the included Node script to write it to the OpenClaw config. This stays within the stated purpose, but it requires the agent/browser to access the user's logged-in Brave dashboard and page DOM (sensitive session access). The skill explicitly avoids routing the key through the LLM, which matches the provided code.
Install Mechanism
Instruction-only skill with a small included Node script; no external downloads, package installs, or archive extraction. This is a low-risk install surface — it only requires that 'node' be available to run the included script.
Credentials
The skill declares no required env vars or credentials and does not request unrelated secrets. It does rely on process.env.HOME in the Node script to find ~/.openclaw/openclaw.json and on the OpenClaw browser profile/session to access the Brave dashboard — both are proportional to extracting and applying a user API key. One small inconsistency: SKILL.md references the 'browser' tool dependency but the registry metadata doesn't explicitly list that capability; this is likely a tooling/metadata omission rather than malicious.
Persistence & Privilege
The skill is not marked always:true and does not request permanent or elevated platform privileges. The included script writes only to the user's OpenClaw config (~/.openclaw/openclaw.json), which is within the expected scope for applying an API key; it does not modify other skills or system-wide settings.
Assessment
This skill appears to be coherent and limited to its stated job, but it will access your logged-in Brave dashboard (via the agent/browser) and will write to your OpenClaw config file. Before installing or running it: 1) review the included scripts (scripts/apply-api-key.js) yourself (it is short and only reads/writes ~/.openclaw/openclaw.json), 2) back up ~/.openclaw/openclaw.json, 3) confirm you want the agent/browser to access the dashboard session used to create the key, and 4) consider manually running the node script with a known key (or in a safe environment) to verify behavior. If you have doubts about the source, contact the developer or type the key into your config manually instead of automating the reveal/capture step.

Like a lobster shell, security has layers — review code before you run it.

latestvk974as7p52a4dat78bqxna3k4180w7x0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

Comments