ClawAudit verdict
free-search-aggregator
The skill performs web searches using multiple providers with automatic failover and quota checks. It does not exfiltrate data but enhances search reliability and quality. The capabilities used are for its stated purpose.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (3)
Possible hardcoded credential
scripts/fsearch.sh · prose · downgraded · API_KEY="${BRAVE_API_KEY:-}
Python os.environ.get — reads environment variable
src/free_search/__main__.py · prose · downgraded · os.environ.get(
Python os.getenv — reads environment variable
src/free_search/storage.py · prose · downgraded · os.getenv(
Permissions & capabilities
No declared permissions — minimal attack surface.
network_in Is this flag fair?
Thanks — recorded.