Security Audit

brave-api-setup

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

brave-api-setup received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Shell Argument, Excessive Permissions: Arbitrary JavaScript Execution in Browser.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

2 findings

Dynamic Code

2 findings

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via Shell Argument The skill instructs the LLM to construct and execute a shell command: `node <skill_dir>/scripts/apply-api-key.js "<extracted-key>"`. While the `<extracted-key>` is enclosed in double quotes, this does not fully prevent command injection if the extracted key itself contains shell metacharacters (e.g., backticks for command substitution, or an unescaped double quote followed by a new command). If the `browser` tool returns a malicious string, the host LLM's shell execution could be compromised. Avoid direct shell interpolation of potentially untrusted data. Instead of passing the key as a shell argument, consider using environment variables (e.g., `BRAVE_API_KEY="<extracted-key>" node ...`) or piping the key to stdin (as suggested by the `apply-api-key.js` script's `--stdin` option). The skill also mentions `gateway config.patch` as a safer alternative, which should be preferred.	LLM	SKILL.md:49
MEDIUM	Excessive Permissions: Arbitrary JavaScript Execution in Browser The skill utilizes the `browser` tool with `action="act"` and `kind="evaluate"`, allowing it to execute arbitrary JavaScript within the browser context. While the provided JavaScript snippet is narrowly focused on extracting the API key, the `evaluate` capability itself is very powerful. It could be used to read sensitive data (cookies, local storage), make network requests to exfiltrate information, or manipulate the DOM in malicious ways if the `fn` argument were not hardcoded or if the skill were modified. If possible, use more granular browser actions that do not allow arbitrary JavaScript execution. If `evaluate` is necessary, ensure the JavaScript code is minimal, thoroughly reviewed, and strictly limited to its intended purpose. Implement robust input validation and sanitization if any part of the `fn` argument could ever be influenced by untrusted input.	LLM	SKILL.md:43

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/b7a6e6e2abc27046.svg)](https://skillshield.io/report/b7a6e6e2abc27046)