OpenClaw Brave Plugin 2026.5.26.tgz

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw Brave search plugin is coherent with its stated purpose, with a privacy note for diagnostic logging of search queries.

Installation is reasonable for users who want Brave-backed web search and are prepared to provide a Brave Search API key. Avoid enabling Brave HTTP diagnostics unless you are comfortable with search terms appearing in logs, and use a trusted base URL if you override the default Brave endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
When diagnostics are enabled, the logger records the full request URL, raw search query, and all query parameters. Search terms often contain sensitive user data, and logging them can create a secondary exposure path through log storage, aggregation systems, or operator access even if the outbound provider call is otherwise expected.

VirusTotal

59/59 vendors flagged this plugin as clean.