ClawHub

Brave Search

Web search and content extraction via Brave Search API. Use for searching documentation, facts, or any web content. Lightweight, no browser required.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
161 · 43.7k · 601 current installs · 635 all-time installs
byPeter Steinberger@steipete
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill is advertised as using the Brave Search API and the SKILL.md says it needs BRAVE_API_KEY, but the code (search.js) performs an HTTP GET against https://search.brave.com/search and parses HTML snippets — there is no use of an API key or any Brave API endpoints. The declared registry metadata also lists no required env vars, creating a clear mismatch between advertised purpose and actual capability.
Instruction Scope
SKILL.md tells the user to run `npm ci` and to set BRAVE_API_KEY, but runtime instructions in the code only fetch search.brave.com and arbitrary page URLs and output extracted content to stdout. The code does fetch arbitrary external URLs (search page and any target pages) which is consistent with a search/extraction tool but means the agent will download external HTML (and any content the user asks it to fetch). The explicit ask for BRAVE_API_KEY in the README is not reflected in the code.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs running `npm ci` in the skill directory. A package-lock.json and package.json are provided, and dependencies are pulled from the public npm registry — this is normal for Node tools but installs many third-party packages to disk (moderate risk compared to instruction-only skills). No download-from-unknown-URL or archive extraction is used.
!
Credentials
The README requires BRAVE_API_KEY, but the code does not read any environment variables. Requesting an API key (a secret) is not justified by the implementation. Aside from this mismatch, the skill does not request other credentials or config paths.
Persistence & Privilege
The skill does not request 'always: true' and uses the platform defaults. It does not modify other skills or system-wide settings; runtime behavior is limited to performing HTTP requests and printing output.
What to consider before installing
This skill contains a clear inconsistency: its description and SKILL.md say it uses the Brave Search API and asks for BRAVE_API_KEY, but the code simply scrapes https://search.brave.com and never reads an API key. Before installing or running: (1) ask the publisher why an API key is claimed but not used; (2) review the code yourself (it will fetch arbitrary URLs and output their content — don't point it at private/internal URLs or pages containing secrets); (3) run `npm ci` and the scripts in an isolated/sandboxed environment if you want to test; and (4) if you need an official Brave Search API integration, prefer a skill that actually uses the documented API and declares the credential requirement accurately.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97ab5vrvsb8dwdqkcy7ctm42x7yn2ek

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Brave Search

Headless web search and content extraction using Brave Search. No browser required.

Setup

Run once before first use:

cd ~/Projects/agent-scripts/skills/brave-search
npm ci

Needs env: BRAVE_API_KEY.

Search

./search.js "query"                    # Basic search (5 results)
./search.js "query" -n 10              # More results
./search.js "query" --content          # Include page content as markdown
./search.js "query" -n 3 --content     # Combined

Extract Page Content

./content.js https://example.com/article

Fetches a URL and extracts readable content as markdown.

Output Format

--- Result 1 ---
Title: Page Title
Link: https://example.com/page
Snippet: Description from search results
Content: (if --content flag used)
  Markdown content extracted from the page...

--- Result 2 ---
...

When to Use

  • Searching for documentation or API references
  • Looking up facts or current information
  • Fetching content from specific URLs
  • Any task requiring web search without interactive browsing

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…