Brave Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward web search and page-extraction skill, with documentation issues but no evidence of malware, persistence, or hidden local access.

Install only if you are comfortable sending search queries to Brave and requested page URLs to the target websites. Do not provide a Brave API key for this version unless the implementation is corrected to use it. Avoid searching for secrets or proprietary internal terms, and treat extracted webpage text as untrusted reference material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill advertises and documents networked behavior but does not declare corresponding permissions, which weakens reviewability and policy enforcement. In an agent environment, undeclared network access can bypass user expectations and make exfiltration or unapproved outbound requests harder to detect.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The documented purpose says the skill uses the Brave Search API, but the analyzed behavior indicates it also fetches arbitrary URLs and may scrape Brave HTML directly. This mismatch is dangerous because it expands the trust boundary beyond what users and reviewers expect, enabling unrestricted web retrieval, possible SSRF-style access to internal endpoints in permissive environments, and brittle scraping behavior outside the declared API contract.

Missing User Warnings

Medium
Confidence: 90%
Finding:
This script sends the user's raw search query to Brave Search and, when --content is used, fetches arbitrary third-party pages, but the file provides no in-band privacy warning, consent prompt, or data-handling disclosure. In an agent skill context, users may supply sensitive internal terms, credentials, or proprietary questions assuming local processing, so silent transmission to external services creates a real privacy and data-exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
