ToolProof Trust Profile

ai-smithery-brave

Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.

100risk score
Connect With Limitsconnection signal
remote_context_data_exposurerisk type
86evidence score
Source: https://github.com/brave/brave-search-mcp-server
Registry: ai.smithery/brave 2.0.58

Connection signal

Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.

Observed tools

  • None observed in this static profile.

Top findings

  • Detected capability: environment_access — src/config.ts:33
  • References credential or secret pattern: API_KEY_GENERIC — marketplace-revision-release.json:20
  • Install risk pattern: unpinned_dependency — package-lock.json:11

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.
  • Do not use production credentials during first install.
  • Restrict filesystem, repository, cloud, and database scope.
  • Require human approval for destructive actions.
  • Review what prompts, queries, or documents are sent to remote endpoints.
  • Avoid sensitive context until data handling is understood.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.