Skill v1.0.0
ClawScan security
yee-brave-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 9:55 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md match the described Brave Search purpose, but the registry metadata omits the required BRAVE_API_KEY environment variable — an incoherence that deserves caution before installing.
- Guidance: This skill appears to implement a straightforward Brave Search client, but the package metadata failing to declare the BRAVE_API_KEY requirement is a notable inconsistency. Before installing: (1) verify the skill source/owner or request an authoritative homepage/repo; (2) review the included brave_search.py (which you already have) to confirm it only calls Brave's API (it does); (3) only provide a dedicated Brave API key with least privilege, and consider using an isolated environment; (4) ask the publisher to update the registry metadata to declare BRAVE_API_KEY so automated checks and users aren't misled. If you can't verify the source, avoid installing, or run it in a sandbox and rotate the API key after testing.
Review Dimensions
- Purpose & Capability (concern): Name, description, SKILL.md, and brave_search.py all describe and implement a Brave Search API client — that part is coherent. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and the script both require BRAVE_API_KEY. This mismatch between declared requirements and actual needs is a red flag for incomplete or inaccurate metadata.
- Instruction Scope (ok): The SKILL.md instructs placing the files in skills/, making the script executable, and setting BRAVE_API_KEY. The script only constructs an HTTPS request to Brave's official API endpoint and prints JSON results. There are no instructions to read unrelated files, to contact network endpoints beyond Brave Search, or to exfiltrate additional data.
- Install Mechanism (ok): No install spec (instruction-only), and no external downloads or archives. A small Python script is included; nothing is being fetched from arbitrary URLs or installed automatically. This is low-risk from an install mechanism perspective.
- Credentials (concern): The code reads a single environment variable BRAVE_API_KEY and uses it only as the X-Subscription-Token header for Brave Search API calls — that is proportionate for the stated purpose. The concern is that the registry metadata does not declare this required credential (Required env vars: none, Primary credential: none), which could mislead users and automated systems about what secrets the skill needs.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable; it does not request elevated or persistent system privileges and does not modify other skill configurations. Autonomous invocation is allowed by default but is not combined here with broad credentials or other concerning behavior.
