Brave Search 1.0.1
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may believe their searches use Brave's official API and key-based controls, when the code actually sends queries to Brave's public website scraper path; reliability, privacy expectations, and terms of use may differ.
This shows the search implementation fetches Brave's public HTML search page with browser-like headers, while the skill is documented as using the Brave Search API/API-key flow.
const url = `https://search.brave.com/search?q=${encodeURIComponent(query)}`; ... "User-Agent": "Mozilla/5.0 ..."Either implement the official Brave Search API with explicit key handling, or update the documentation to clearly disclose HTML scraping and remove API-key claims.
A user could create or expose an API key unnecessarily, without the skill actually using it.
The registry declares no required environment variables, and the provided source does not reference BRAVE_API_KEY, so the requested credential is not clearly scoped or justified by the implementation.
Needs env: `BRAVE_API_KEY`.
Remove the API-key setup instruction if unused, or declare and use the key only for the intended official Brave API calls.
If the agent is directed to fetch internal, localhost, or private-network URLs, requests would originate from the user's machine.
The skill fetches user- or agent-supplied URLs from the local environment. That is central to content extraction, but there is no allowlist or private-address guard.
const url = process.argv[2]; ... const response = await fetch(url, { ... signal: AbortSignal.timeout(15000) });Use the URL fetcher only for intended public pages, and consider adding safeguards against localhost/private-network targets.
A malicious page could try to influence the agent if its text is treated as instructions instead of untrusted content.
Fetched web-page text is printed back into the agent/user context, and arbitrary web pages can contain adversarial instructions.
result.content = await fetchPageContent(result.link); ... console.log(`Content:\n${r.content}`);Treat search results and fetched page content as untrusted data; do not follow instructions found in retrieved pages without user confirmation.
Installing pulls third-party npm packages into the local environment.
The skill requires a manual npm dependency install, while the registry lists no install spec and the source/homepage are unknown. The included lockfile mitigates this, but users should still be aware of the third-party package install.
Run once before first use: ```bash cd ~/Projects/agent-scripts/skills/brave-search npm ci ```
Review the package-lock and dependency provenance before running npm ci, and avoid running installs with unnecessary sensitive environment variables set.