Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Brave Search Setup
v1.0.0Configure Brave Search API and troubleshoot network/proxy issues for web_search functionality. Use when user needs to (1) Set up Brave Search API key, (2) Fix web_search fetch failures, (3) Configure proxy for OpenClaw tools on macOS with Clash/V2Ray/Surge, or (4) Diagnose "fetch failed" errors with web_search/web_fetch tools.
⭐ 0· 1.2k·2 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description match the actual instructions: it shows how to add a Brave Search API key to OpenClaw config, test web_search/web_fetch, detect local proxy ports (Clash/V2Ray/Surge), set HTTPS_PROXY/HTTP_PROXY, and restart the OpenClaw gateway. There are no unrelated credentials, binaries, or external endpoints required beyond the Brave Search API and common tools.
Instruction Scope
The SKILL.md includes commands that read/write local OpenClaw config (~/.openclaw/openclaw.json), inspect a Clash YAML under the user's Library, set environment variables via launchctl or shell profile, and suggests installing/running proxychains-ng with sudo. These actions are consistent with troubleshooting network/proxy issues, but they will change local shell config, environment, and may store the API key in OpenClaw config (potentially plaintext). Users should be aware the skill directs edits to user files and requires restarting the gateway process.
Install Mechanism
This is an instruction-only skill with a small helper script (scripts/detect-proxy.sh) that scans local ports and reads a Clash config path. There is no install spec, no downloads, and no extracted archives; the script content is simple shell logic and appears benign.
Credentials
The skill does not declare or require external environment variables or credentials beyond the Brave Search API key (which the instructions ask you to place into OpenClaw config). It asks the user to set standard HTTPS_PROXY/HTTP_PROXY env vars to route traffic through a local proxy — appropriate for the stated goal. Note: storing API keys in config files can expose them if files are not protected.
Persistence & Privilege
The skill does not request permanent platform privileges (always:false) and does not modify other skills. It instructs restarting the OpenClaw gateway and setting user-level environment variables (launchctl or shell profile), which is expected for proxy propagation but is a system-level change the user must consciously approve.
Assessment
This skill appears coherent and focused on setting a Brave Search API key and configuring a local proxy for OpenClaw tools. Before running commands: 1) Back up your OpenClaw config (~/.openclaw/openclaw.json) so you can restore it if needed. 2) Prefer using openclaw gateway config.patch (the doc's 'Option A') rather than editing files directly if you want the platform to manage formatting; confirm where/how your API key will be stored (it may be plaintext in config). 3) Review scripts/detect-proxy.sh yourself — it only scans local ports and a known Clash config path. 4) Be cautious when adding exports to shell profiles or running sudo to install proxychains-ng (these change your environment or require elevated privileges). 5) If unsure about exposing your API key or making system changes, run the discovery/test commands manually and ask for help rather than applying the suggested permanent changes.Like a lobster shell, security has layers — review code before you run it.
latestvk976rzvdp42wzsh4qr6dygc3nx80wj8h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.