Brightdata

Advisory audited by VirusTotal on Apr 11, 2026.

Overview

Type: OpenClaw Skill
Name: brightdata
Version: 1.0.0

The skill bundle contains a shell injection vulnerability in scripts/search.sh due to the unsafe use of the 'CURSOR' argument within a Bash arithmetic expansion ($((CURSOR * 10))). Bash evaluates the contents of a variable referenced inside $(( )) as an expression of its own, and array subscripts in that expression are expanded, command substitution included, so a crafted cursor value can lead to arbitrary command execution. Additionally, both scripts/search.sh and scripts/scrape.sh lack input sanitization when passing user-provided queries and URLs into shell commands and JSON payloads: the query is only space-to-plus substituted rather than URL-encoded, and the URL is interpolated into a JSON string without escaping, which is a high-risk pattern even if not explicitly malicious. The tools are otherwise functional wrappers for the legitimate Bright Data API (api.brightdata.com).

Findings

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI05: Unexpected Code Execution
What this means

If an agent or user passes untrusted text as the cursor, the helper may run unexpected local shell behavior instead of only selecting a search-results page.

Why it was flagged

The second command-line argument is documented as a numeric page cursor, but it is used directly in Bash arithmetic expansion without validation. Bash evaluates the contents of a variable referenced in an arithmetic expression as an expression in its own right, and an array subscript inside that value is expanded, including any command substitution it contains. A non-numeric cursor value is therefore not merely rejected: it can change the computed offset or execute commands rather than select a results page.

Skill content
CURSOR="${2:-0}"
...
URL="https://www.google.com/search?q=$(echo "$QUERY" | sed 's/ /+/g')&hl=en&gl=us&num=10&start=$((CURSOR * 10))"
Recommendation

Validate the cursor before arithmetic, for example require `[[ "$CURSOR" =~ ^[0-9]+$ ]]`, reject anything else, and never evaluate untrusted strings in Bash arithmetic. Note that a digits-only check still admits leading zeros, which Bash reads as octal ($((010)) is 8 and $((08)) is an error), so strip them or force base 10 with $((10#$CURSOR * 10)) before multiplying.
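The vulnerable arithmetic and a validated rewrite, as an added example that is not part of the skill or of this advisory. It reproduces the $((CURSOR * 10)) pattern in a throwaway bash to show what non-numeric cursors do, then builds the same search URL with the cursor checked first (the POSIX case form of the [[ =~ ^[0-9]+$ ]] test above, with leading zeros stripped so Bash cannot read them as octal) and the query percent-encoded rather than only space-to-plus substituted. Function names, the sample queries and the ASCII-only assumption of the encoder are illustration choices, not anything the skill ships.

```shell
#!/bin/sh
# Added example (not the skill's own code): the vulnerable arithmetic from
# scripts/search.sh reproduced beside a validated rewrite. Names other than
# CURSOR/QUERY are hypothetical.

# --- vulnerable pattern, run in a throwaway bash so its behaviour is visible ---
# Bash evaluates a variable's *value* as an expression of its own ('1+1' -> 2,
# then *10), and expands array subscripts in it, so 'a[$(cmd)]' runs cmd.
unsafe_offset() {
  bash -c 'CURSOR="${1:-0}"; echo $((CURSOR * 10))' _ "$1"
}

# --- hardened pieces (POSIX sh; same check as [[ "$CURSOR" =~ ^[0-9]+$ ]]) ---
validate_cursor() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;   # empty or any non-digit byte: reject
    *) return 0 ;;
  esac
}

# Percent-encode a query for use in a URL (RFC 3986 unreserved set kept).
# Assumes ASCII input: printf "'$c" yields the byte value only for ASCII.
urlencode() {
  s=$1; out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}          # c = first character, s = remainder
    case "$c" in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# Build the search URL: cursor validated before it ever reaches $(( )),
# leading zeros stripped so the value cannot be read as octal, query
# percent-encoded instead of the original sed 's/ /+/g'.
build_search_url() {
  query=$1; cursor=${2:-0}
  if ! validate_cursor "$cursor"; then
    printf 'cursor must be a non-negative integer, got: %s\n' "$cursor" >&2
    return 1
  fi
  cursor=${cursor#"${cursor%%[!0]*}"}   # "007" -> "7", "000" -> ""
  [ -n "$cursor" ] || cursor=0
  printf 'https://www.google.com/search?q=%s&hl=en&gl=us&num=10&start=%d' \
    "$(urlencode "$query")" $((cursor * 10))
}

# Demonstration when run directly.
printf '%s\n' "vulnerable: cursor '3'   -> start=$(unsafe_offset 3)"
printf '%s\n' "vulnerable: cursor '1+1' -> start=$(unsafe_offset '1+1')"
printf '%s\n' "vulnerable: cursor 'a[\$(echo INJECTED >&2; echo 0)]' -> $(unsafe_offset 'a[$(echo INJECTED >&2; echo 0)]' 2>&1 | tr '\n' ' ')"
printf '%s\n' "hardened:   $(build_search_url 'openclaw skill' 2)"
build_search_url 'openclaw skill' '1+1' || printf '%s\n' "hardened:   rejected cursor '1+1'"
```

Run it with sh or bash; bash must be installed for the vulnerable reproduction, which is deliberately confined to a child process. With a cursor of 1+1 the original computes start=20 rather than failing, and with a[$(...)] the command substitution runs before any arithmetic result is produced, which is the escalation path the finding describes. The hardened builder refuses both inputs before $(( )) is reached, so the only thing that can be multiplied is a decimal integer.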

What this means

The agent could scrape sites in ways that may violate a site’s terms, trigger Bright Data account costs, or be inappropriate without user approval.

Why it was flagged

The anti-bot/CAPTCHA-bypass capability is disclosed and aligned with Bright Data scraping, but it is broad and applies to arbitrary public URLs.

Skill content
Both bypass bot detection and CAPTCHAs.
...
- `url`: Any public URL (required).
Recommendation

Use only on URLs the user has approved and is allowed to access; consider adding explicit guidance to avoid protected, private, or terms-restricted targets.

What this means

Actions run through this skill use the user’s Bright Data account and quota.

Why it was flagged

The script uses the user’s Bright Data API key to authenticate requests, which is expected for this provider integration.

Skill content
-H "Authorization: Bearer $BRIGHTDATA_API_KEY"
Recommendation

Provide a scoped Bright Data key where possible and monitor usage; do not expose the key in prompts, logs, or shared environments.

What this means

Search terms and scraped URLs, including any sensitive query parameters in those URLs, may be sent to Bright Data.

Why it was flagged

User-selected URLs are transmitted to Bright Data’s API for scraping. This is expected for the skill, but it is an external provider data flow.

Skill content
-d "{\"zone\":\"$BRIGHTDATA_UNLOCKER_ZONE\",\"url\":\"$URL\",\"format\":\"markdown\"}" \
  https://api.brightdata.com/request
Recommendation

Avoid scraping URLs containing private tokens, account-specific links, or confidential query parameters unless sharing them with Bright Data is acceptable.
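The interpolated JSON body from this finding beside a version that validates and escapes its fields, as an added example that is not the skill's own code. The zone name and sample URLs are placeholders and nothing is sent to api.brightdata.com; the point is that a URL containing a double quote rewrites the request body, which the Overview notes as the missing-sanitization pattern in scripts/scrape.sh and scripts/search.sh. The escaper assumes ASCII input.

```shell
#!/bin/sh
# Added example (not the skill's own code): the interpolated JSON body from
# the skill's curl call beside a version that validates the URL and escapes
# every field. Function names and the zone name are hypothetical; no request
# is sent.

# --- the page's pattern: fields dropped straight into a JSON string ---
# A URL containing a double quote closes the "url" string and the rest of
# the URL becomes attacker-chosen JSON keys.
unsafe_payload() {
  printf '{"zone":"%s","url":"%s","format":"markdown"}' "$1" "$2"
}

# Escape one value for use inside a JSON string literal: backslash, double
# quote, and control characters (JSON forbids the latter unescaped).
# Assumes ASCII input, as printf "'$c" gives byte values only for ASCII.
json_escape() {
  s=$1; out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}          # c = first character, s = remainder
    case "$c" in
      '\') out="$out\\\\" ;;
      '"') out="$out\\\"" ;;
      *)
        code=$(printf '%d' "'$c")
        if [ "$code" -lt 32 ]; then
          out="$out$(printf '\\u%04X' "$code")"
        else
          out="$out$c"
        fi ;;
    esac
  done
  printf '%s' "$out"
}

# Accept only http(s) URLs with no whitespace or control characters, then
# escape both interpolated fields so the body is always well-formed JSON
# with exactly the three keys the API call intends.
build_request_payload() {
  zone=$1; url=$2
  case "$url" in
    http://*|https://*) ;;
    *) printf 'refusing URL without http(s) scheme: %s\n' "$url" >&2; return 1 ;;
  esac
  case "$url" in
    *[[:space:][:cntrl:]]*) printf 'refusing URL with whitespace/control characters\n' >&2; return 1 ;;
  esac
  printf '{"zone":"%s","url":"%s","format":"markdown"}' \
    "$(json_escape "$zone")" "$(json_escape "$url")"
}

# Constructed sample: a "URL" that smuggles extra JSON keys into the body.
evil='https://example.com/?x=","format":"raw","extra":"'
printf '%s\n' "unsafe:   $(unsafe_payload web_unlocker "$evil")"
printf '%s\n' "hardened: $(build_request_payload web_unlocker "$evil")"
build_request_payload web_unlocker 'file:///etc/passwd' || printf '%s\n' "hardened: rejected file:// URL"
```

The unsafe output carries a second "format" key that the API, not the script, decides how to interpret; the hardened output keeps the whole attacker string inside the "url" value. Rejecting non-http(s) schemes and whitespace up front also closes the simpler case where an agent passes something that was never a URL at all.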