Brave Search Setup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Brave Search and macOS proxy setup guide, with persistent proxy commands users should run only intentionally.

Install this only if you intend to configure Brave Search or troubleshoot proxy access for OpenClaw. Prefer the session-only proxy exports first, protect your Brave API key, and avoid the permanent ~/.zshrc, launchctl, or sudo proxychains steps unless you understand how to reverse those local configuration changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the user to append proxy environment variables to ~/.zshrc, which creates a persistent system-wide behavior change for future shell sessions, but it does not explicitly warn that this change is lasting or may affect unrelated commands and tools. Persistent proxy settings can unintentionally route other traffic through a local proxy, break networking, or create confusing troubleshooting conditions later.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal