Web Search by Tavily

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a straightforward web-search skill that uses an AIsa API key and sends selected search queries or URLs to AIsa/Tavily, with only a minor inconsistency in its provenance metadata.

Install if you trust AIsa/Tavily with the searches and URLs you submit. Verify the publisher because of the minor metadata mismatch, use a dedicated API key, and avoid sending sensitive private information in queries.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You may want to confirm this is the intended publisher/package before installing.

Why it was flagged

The package's internal metadata differs from the registry fields shown for this review, creating a minor provenance/coherence note even though the included code is simple and purpose-aligned.

Skill content

"ownerId": "kn7azq5e6sw0fbwwzdpcwvvjzd7z0x4z", "slug": "aisa-tavily-search"

Recommendation

Verify the publisher, homepage, and registry listing before using the skill.

What this means

Anyone using the skill grants it access to make requests with the configured AIsa API key.

Why it was flagged

The script reads AISA_API_KEY from the environment and uses it as a Bearer token for the AIsa API, which is expected for this integration.

Skill content

const apiKey = (process.env.AISA_API_KEY ?? "").trim(); ... "Authorization": `Bearer ${apiKey}`

Recommendation

Use a dedicated, revocable API key and avoid sharing the environment variable beyond this skill's intended use.

What this means

Search terms, and URLs when using extraction, are shared with the external AIsa/Tavily service.

Why it was flagged

Search queries are sent to AIsa's Tavily API proxy over HTTPS; this is disclosed and aligned with the web search purpose.

Skill content

fetch("https://api.aisa.one/apis/v1/tavily/search", { method: "POST", ... body: JSON.stringify(body) })

Recommendation

Do not submit sensitive or private queries/URLs unless you are comfortable with the provider receiving them.