Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Topic Research

v1.0.0

Run a second-hop deep research pass through the Tavily CLI after an initial scan, then normalize the result into a local `research.md` contract. Use when Cod...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious (view report)

OpenClaw: Suspicious (high confidence)
Purpose & Capability
The SKILL.md and runtime.py clearly require the 'tvly' (Tavily) CLI to be installed and available on PATH, and the README instructs running an external install script (curl | bash). However the registry metadata lists no required binaries or primary credential — that mismatch is incoherent. A research skill that depends on a third‑party CLI should declare that dependency explicitly in the manifest.
Instruction Scope
Instructions are focused on building a query, calling 'tvly research --json', parsing JSON, and writing a normalized markdown and raw JSON into content-production/inbox/. That matches the stated purpose. Two points to watch: (1) the code allows 'source_file' in frontmatter to be an absolute path and will read it as-is — that enables the skill to read arbitrary files if the input frontmatter is malicious or mistaken; (2) the skill will write files into repo-local paths (content-production/inbox/...), which is expected but may overwrite existing files without further safeguards.
Install Mechanism
The skill itself has no install spec (instruction-only), which is low-risk. But the README recommends installing Tavily via a remote install script (curl -fsSL https://cli.tavily.com/install.sh | bash). Installing third-party CLIs via curl|bash is a higher‑risk action and should be audited before execution. The skill does not ship or pin the Tavily binary and relies on whatever the remote installer provides.
Credentials
The skill requests no environment variables or credentials in the manifest, which is consistent with not embedding credentials. However, it depends on a logged-in Tavily CLI; Tavily will presumably access its own auth tokens/config locally (not declared here). Also, because 'source_file' can be absolute, an attacker or misconfigured input could point the skill at sensitive local files — this is a proportionality/design concern rather than explicit credential exfiltration in the skill itself.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It writes outputs into repository-local directories and does not appear to modify other skills or global agent settings.
What to consider before installing
This skill legitimately wraps a Tavily CLI workflow to produce normalized research reports, but before installing or running it:

- Expect to install and trust a third‑party CLI (tvly). Audit the installer (https://cli.tavily.com/install.sh) before running curl | bash. Prefer installing from a reviewed package or vendor documentation if possible.
- Confirm the manifest is updated to declare 'tvly' as a required binary so the skill's declared requirements match its runtime needs.
- When creating the input markdown, avoid giving an absolute source_file that points outside the project (the skill will read absolute paths). Treat inputs as untrusted and run the skill in a workspace that contains no secrets.
- Be aware the skill will write files into content-production/inbox/ and content-production/inbox/raw/research/ and may overwrite existing files.

If you need higher assurance, request the author to: (1) add 'tvly' to required binaries in the registry metadata, (2) remove or restrict absolute-path reads for source_file, and (3) avoid recommending curl|bash installs in the README (or provide a pinned, auditable installer).
