ClawHub

Brave Rotator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Brave Search helper that uses user-provided API keys, makes Brave API requests, and stores local rotation state.

Install only if you intend to use Brave Search with API keys you provide. Use dedicated Brave API keys, avoid setting BRAVE_KEY_STATE_FILE to sensitive or shared paths, and protect the state file because it records per-key rotation information locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Tainted flow: 'STATE_FILE' from os.environ.get (line 26, credential/environment) → pathlib.Path.write_text (file write)

Medium
Category
Data Flow
Content
def save_state(state):
    STATE_FILE.write_text(json.dumps(state, indent=2))


def get_keys():
Confidence
78% confidence
Finding
STATE_FILE.write_text(json.dumps(state, indent=2))

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises executable behavior that uses environment variables, local state files, and network access, but it does not declare permissions or otherwise make those capabilities explicit. This creates a transparency and governance gap: a host system or reviewer may underestimate the skill's access, while the script can read API keys from the environment, write persistent state, and make outbound requests.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest description uses broad activation language such as triggering on any web, news, image, or general search task, which can cause the skill to be invoked more often than necessary. Over-broad triggering increases attack surface and the chance that API keys, network access, and file-writing behavior are exercised in unintended contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal