Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tavily Research
v1.0.0
Conduct comprehensive AI-powered research with citations via the Tavily CLI. Use this skill when the user wants deep research, a detailed report, a compariso...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
Name and description claim deep research via the Tavily CLI; the SKILL.md consistently instructs using `tvly research` commands. Requiring the Tavily CLI is coherent with the stated purpose.
Instruction Scope
The instructions explicitly tell the agent to run `curl -fsSL https://cli.tavily.com/install.sh | bash` and `tvly login`. That requires executing arbitrary remote code and performing an interactive login flow; the skill does not declare any credentials or explain what `tvly login` does or which endpoints receive credentials. The SKILL.md also enforces using this specific tool ('Do not skip this step'), reducing fallback options.
Install Mechanism
There is no formal install spec in metadata; instead the runtime docs recommend piping a script from cli.tavily.com into bash. Fetch-and-execute from an external URL is a high-risk install pattern because it runs arbitrary code with the agent's environment and writes binaries to disk; the domain is not a well-known release host referenced in the metadata and no checksums or verification steps are provided.
Credentials
Metadata declares no required credentials, yet the instructions require `tvly login` (an authentication step). The lack of declared primaryEnv or required env vars is a mismatch — users will need to provide credentials at runtime, and it's unclear how those credentials are handled, stored, or transmitted. The skill does not request unrelated secrets, but it fails to document the authentication surface.
Persistence & Privilege
Although the skill itself is not marked 'always' and is user-invocable, the recommended install step will install a persistent CLI on the host (via an external script) without an install spec or reviewable package source in the skill metadata. That persistent install increases blast radius if the fetched script is malicious or compromised.
What to consider before installing
This skill appears to do what it claims (deep research), but it asks the agent to fetch and run a remote install script and to run an interactive login that isn't declared in the metadata. Running curl | bash from an external domain can execute arbitrary code on your system and is the main risk here. Before installing: (1) review the contents of https://cli.tavily.com/install.sh yourself (do not pipe blindly), (2) prefer install sources with verifiable releases/checksums (GitHub releases, package managers), (3) confirm what `tvly login` does and where credentials are sent/stored, and (4) only proceed if you trust the Tavily project and domain. If you want lower risk, ask for a version of the skill that uses an audited package or that documents authentication and provides checksummed releases instead of a curl | bash installer.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97c9a9cyv35k5kqt8eczspc0n84fbg7
