← 返回 Skills 市场
brave-shim
作者
weare20202020
· GitHub ↗
· v1.0.0
· MIT-0
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install brave-shim
功能描述
Set up brave_shim as a free local proxy for OpenClaw web_search, routing Brave API requests to DuckDuckGo. Use when user asks to enable free web search, conf...
使用说明 (SKILL.md)
brave-shim
Local proxy that makes OpenClaw's Brave Search provider route to DuckDuckGo for free, without any API key.
How it works
- A Python FastAPI service (brave_shim) runs locally on
http://127.0.0.1:8000 - It implements the Brave Search API format but fetches results from DuckDuckGo via
ddgs - OpenClaw's built-in Brave provider is redirected to this local service
Setup
1. Install brave_shim
# Clone the repo
git clone https://github.com/asoraruf/brave_shim \x3Cclone-path>
# Create venv and install dependencies
python -m venv \x3Cclone-path>/venv
# Windows:
\x3Cclone-path>\venv\Scripts\activate
pip install fastapi uvicorn ddgs pyyaml
# Linux/Mac:
source \x3Cclone-path>/venv/bin/activate
pip install fastapi uvicorn ddgs pyyaml
2. Patch OpenClaw Brave provider URL
The Brave provider in OpenClaw's bundled JS calls https://api.search.brave.com. Replace it with http://127.0.0.1:8000:
import subprocess, re, os
dist_dir = r"\x3Copenclaw-dist>"
pattern = r'(const BRAVE_SEARCH_ENDPOINT|const BRAVE_LLM_CONTEXT_ENDPOINT) = "[^"]+"'
replacement = {
"const BRAVE_SEARCH_ENDPOINT": 'const BRAVE_SEARCH_ENDPOINT = "http://127.0.0.1:8000/res/v1/web/search"',
"const BRAVE_LLM_CONTEXT_ENDPOINT": 'const BRAVE_LLM_CONTEXT_ENDPOINT = "http://127.0.0.1:8000/res/v1/llm/context"',
}
for fname in os.listdir(dist_dir):
if fname.startswith("brave-web-search-provider") and fname.endswith(".js"):
fpath = os.path.join(dist_dir, fname)
content = open(fpath).read()
new_content = re.sub(pattern, lambda m: replacement.get(m.group(1), m.group(0)), content)
open(fpath, "w").write(new_content)
3. Configure OpenClaw
# Enable brave plugin (disabled by default)
openclaw config set plugins.entries.brave.enabled true
# Set Brave as search provider
openclaw config set tools.web.search.provider brave
# Restart gateway
openclaw gateway restart
4. Start shim service
# From brave_shim directory
.\venv\Scripts\python brave_shim.py
# Keep running in background
5. Verify
curl "http://127.0.0.1:8000/res/v1/web/search?q=hello+world"
# Should return JSON with web results
openclaw
# Then test: web_search { query: "test" }
Scripts
scripts/setup_brave_shim.py— Automated install: clone, venv, pip installscripts/patch_openclaw.py— Patch OpenClaw dist JS files to redirect Brave APIscripts/start_shim.py— Start brave_shim service
Troubleshooting
"fetch failed" after setup:
- Check shim is running:
Invoke-WebRequest http://127.0.0.1:8000/res/v1/web/search?q=test - If shim is DOWN: re-run
python brave_shim.py - If NO_PROXY blocks localhost: remove from env or set
NO_PROXY=localhost,127.0.0.1
"missing_brave_api_key" error:
plugins.entries.braveneedsenabled: true— runopenclaw config set plugins.entries.brave.enabled true
"missing_gemini_api_key" instead:
- Brave plugin still not enabled — check
openclaw doctorfor disabled plugin warnings
安全使用建议
This skill will download code from a third‑party GitHub repo, install Python packages, and patch OpenClaw's distributed JS files to point Brave calls at a local server. Before installing, do the following: 1) Inspect the remote repository (https://github.com/asoraruf/brave_shim) and brave_shim.py to ensure it contains only the expected shim behavior; 2) Back up your OpenClaw installation (or test in an isolated VM/container) because the patch script overwrites files and contains a hardcoded Windows path that may not match your system; 3) Prefer official plugin/config options or ask the OpenClaw project for a supported approach if available; 4) Run the setup scripts only with least privilege, and avoid running them as admin/root until you verify the code; 5) If you proceed, consider editing scripts to point to the correct OpenClaw install path and to avoid running shell commands with unescaped inputs. If you want, I can: review the remote repo's brave_shim.py for risky behavior, show a safer patch plan that doesn't overwrite dist files, or produce containerized run instructions.
功能分析
Type: OpenClaw Skill
Name: brave-shim
Version: 1.0.0
The skill performs highly intrusive actions by monkey-patching the OpenClaw application's distribution JavaScript files (scripts/patch_openclaw.py) to redirect hardcoded API endpoints to a local service. It also downloads and executes external code from a GitHub repository (https://github.com/asoraruf/brave_shim) via scripts/setup_brave_shim.py. While these behaviors are consistent with the stated goal of creating a search proxy, the modification of application source code and the execution of unverified remote scripts represent significant security risks without being explicitly malicious.
能力评估
Purpose & Capability
The declared purpose (route Brave API calls to a local DuckDuckGo shim) matches the included scripts, but the patch script writes into OpenClaw's distribution folder (modifies other package files). The registry metadata did not declare any required config paths or file system access, yet the code expects to modify OpenClaw's install (hardcoded OPENCLAW_DIST = "F:\\npm\\node_modules\\openclaw\\dist"). Modifying another product's dist files is a significant capability that should be explicit.
Instruction Scope
SKILL.md instructs cloning an external repo, creating a venv, installing packages, running a local FastAPI server, and patching OpenClaw JS files. These instructions stay within the stated goal but require write access to the OpenClaw installation and restarting the gateway. The patching step could break integrity, is performed by scripts with filesystem writes, and the included patch script uses a hardcoded Windows path which may not match a user's environment.
Install Mechanism
There is no platform install spec in the registry, but the bundled setup script clones a GitHub repository (https://github.com/asoraruf/brave_shim) and pip-installs dependencies (fastapi, uvicorn, ddgs, pyyaml) into a venv. Cloning from GitHub is a common pattern and not inherently malicious, but it means arbitrary remote code will be downloaded and run locally — this is moderate risk and should be audited before execution.
Credentials
The skill requests no credentials or env vars in metadata, and the instructions only mention adjusting NO_PROXY if it blocks localhost. However, the code implicitly requires file-system access to the OpenClaw dist directory and permission to restart the gateway; these configuration/permission requirements are not declared. That mismatch reduces transparency.
Persistence & Privilege
always is false (good), but the skill's actions modify another package's distributed files (OpenClaw's provider JS). Changing files outside the skill's own directory is a cross-component modification and elevates privileges/impact — it can be persistent across restarts and updates and should be treated cautiously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install brave-shim - 安装完成后,直接呼叫该 Skill 的名称或使用
/brave-shim触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: free web_search via DuckDuckGo
元数据
常见问题
brave-shim 是什么?
Set up brave_shim as a free local proxy for OpenClaw web_search, routing Brave API requests to DuckDuckGo. Use when user asks to enable free web search, conf... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 brave-shim?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install brave-shim」即可一键安装,无需额外配置。
brave-shim 是免费的吗?
是的,brave-shim 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
brave-shim 支持哪些平台?
brave-shim 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 brave-shim?
由 weare20202020(@weare20202020)开发并维护,当前版本 v1.0.0。
推荐 Skills