← 返回 Skills 市场
mrnsmh

Brave Rotator

作者 Marouane · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
331
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-skill-brave-rotator
功能描述
Brave Search API with automatic key rotation across multiple API keys to maximize free tier limits (2000 req/month per key). Use when performing web, news, o...
安全使用建议
This skill legitimately implements key rotation for Brave Search, but it stores your API keys in plaintext in a state file and the registry metadata doesn't declare the required BRAVE_API_KEYS env var. Before installing or using it, consider: 1) review the script locally (you already have the code) and confirm you trust the source; 2) do not supply long-lived or high-privilege keys — prefer disposable keys; 3) change the code so it does not write raw keys to disk (store only masked identifiers or hashes, or avoid persistent state altogether), or set BRAVE_KEY_STATE_FILE to a secure, access-restricted path (or tmpfs); 4) run the skill in an isolated environment/container if possible; 5) if you cannot audit or modify the script, avoid providing multiple keys to it. Also consider updating registry metadata to declare BRAVE_API_KEYS so the requirement is explicit.
功能分析
Type: OpenClaw Skill Name: openclaw-skill-brave-rotator Version: 0.1.0 The OpenClaw skill 'brave-rotator' is classified as benign. The `SKILL.md` file provides clear, non-malicious instructions for setting up and using the Brave Search API with key rotation, without any prompt injection attempts. The `scripts/brave_search.py` script correctly implements the described functionality, handling API keys from environment variables, managing a state file (`~/.brave_key_state.json`) for rotation, and making legitimate network calls to `api.search.brave.com`. There is no evidence of data exfiltration, unauthorized file access, arbitrary code execution, or other malicious intent.
能力评估
Purpose & Capability
The name/description match the code: it implements Brave Search calls with multi-key rotation. However the package metadata declares no required env vars/credentials while the SKILL.md and code require BRAVE_API_KEYS — a mismatch between declared requirements and actual needs.
Instruction Scope
Runtime instructions and the script read BRAVE_API_KEYS from the environment and persist full per-key state to a JSON file (~/.brave_key_state.json by default). The code uses the raw API keys as JSON object keys, so the state file will contain actual API keys in plaintext. SKILL.md even suggests inspecting that file, encouraging exposure of secrets.
Install Mechanism
No install spec — instruction-only plus a single Python script. No downloads or external installers are invoked, which minimizes install-time risk.
Credentials
The skill actually requires BRAVE_API_KEYS (comma-separated API keys) even though metadata lists none. Requesting multiple API keys is reasonable for rotation, but persisting them in an unencrypted state file is disproportionate and unnecessary for the stated purpose.
Persistence & Privilege
The skill writes a state file to the user's home directory and persists sensitive data (the API keys and usage metadata). It does not require elevated system privileges or always:true, but persistent storage of secrets increases blast radius if the environment is shared or backed up.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-skill-brave-rotator
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-skill-brave-rotator 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of brave-rotator: multi-key Brave Search API with automatic key rotation. - Supports web, news, and image search with round-robin key usage and rate-limit fallback. - State tracking for key usage and cooldowns via local JSON file. - Simple CLI and Python import usage. - Easily configure API keys and state file via environment variables.
元数据
Slug openclaw-skill-brave-rotator
版本 0.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Brave Rotator 是什么?

Brave Search API with automatic key rotation across multiple API keys to maximize free tier limits (2000 req/month per key). Use when performing web, news, o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 331 次。

如何安装 Brave Rotator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-skill-brave-rotator」即可一键安装,无需额外配置。

Brave Rotator 是免费的吗?

是的,Brave Rotator 完全免费(开源免费),可自由下载、安装和使用。

Brave Rotator 支持哪些平台?

Brave Rotator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Brave Rotator?

由 Marouane(@mrnsmh)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论