Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Brsearch
v1.0.0禁用web_search,web_fetch,memory_search并使用在线大模型进行搜索
⭐ 0· 40·1 current·1 all-time
by@siysun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description claim to disable internal web_search/web_fetch/memory_search and use an online LLM; the SKILL.md indeed instructs using a browser and interacting with chat.deepseek.com, so the requested actions align with the stated purpose. There is no request for unrelated credentials or binaries, but the 'disable' instruction is operationally vague and not reflected in metadata (no permissions/controls are declared).
Instruction Scope
The instructions explicitly direct the agent to check for and open a browser, inspect open pages for the deepseek site, require the user to log in if not already, and then 'operate' the online model and extract summaries. 'Operate' and 'extract' are vague — they can involve reading arbitrary page content or interacting with other tabs/sessions. The skill therefore may access or act on browser state and user session data beyond a narrow search query.
Install Mechanism
Instruction-only skill with no install spec or code files; lowest install risk (nothing is written to disk by the skill itself).
Credentials
No environment variables or credentials are requested in metadata, which is proportional. However, runtime instructions require the user to sign into a third‑party service via browser, which could lead to disclosure of login credentials or session data if the user is not careful — the skill does not clarify how login/session data will be used or protected.
Persistence & Privilege
always is false and there is no indication the skill requests persistent system-wide privileges or writes to other skills' configs. Autonomous invocation is allowed by default but not by itself a concern here.
What to consider before installing
This skill will try to open and control your browser and ask you to log into a third‑party online LLM (chat.deepseek.com). Before installing or running it: (1) Confirm you trust the third‑party service and its privacy practices; (2) Do not paste passwords or secret tokens into the assistant — log in through the browser UI yourself if you choose; (3) Close or don't expose sensitive tabs or pages before use, because the skill's instructions can read or interact with browser pages; (4) Ask the skill author to clarify what 'disable web_search/web_fetch/memory_search' means in practice and whether the assistant will access tabs beyond the target site. If you need stricter safety, prefer tools that use explicit API keys or a transparent HTTP API rather than browser automation that manipulates your sessions.Like a lobster shell, security has layers — review code before you run it.
latestvk9768tyq63qeja1xb7dy8hkzbn84qkrj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.