ClawHub

Brave Api Setup

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with setting up Brave Search for OpenClaw, but it should be reviewed because it can reveal and store a live API key through broadly scoped instructions.

Install only if you intend to let the agent access your Brave API dashboard and write the API key into OpenClaw configuration. Confirm the agent redacts the key in output/logs, and prefer invoking it only for explicit Brave API setup or missing-key repair tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases include broad terms like 'Brave Search', 'brave api', 'web_search', and 'search API', which can cause the skill to activate for generic search-related requests outside the user's intended task. Overbroad activation increases the chance that a sensitive workflow involving credential extraction and configuration changes is invoked in the wrong context.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill automates revealing, extracting, and writing a live API key into configuration without a clear up-front warning or explicit consent checkpoint. Because API keys are sensitive secrets, silently pulling them from a dashboard and persisting them creates a real risk of unauthorized disclosure, accidental logging, or unexpected credential reuse.

Ssd 3

Medium
Confidence
96% confidence
Finding
These instructions explicitly direct the agent to reveal an existing Brave API key from the user's dashboard, extract it via page JavaScript, and apply it to configuration. In context, this is credential harvesting and secret propagation by automation; even if intended for setup, it materially increases the risk of secret exposure through tool logs, snapshots, command history, or misuse if the skill is triggered unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal