ClawHub

Tavily Skill.Bak

Security checks across malware telemetry and agentic risk

Overview

This Tavily search skill mostly does what it claims, but it handles an API key and includes unsafe guidance that could expose that key.

Install only if you intend to use Tavily as a third-party search provider. Do not run the documented `echo $TAVILY_API_KEY` check; use a masked or presence-only check instead, keep any OpenClaw config containing the key private, and avoid sending secrets, personal data, or confidential business topics as search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to send search queries to Tavily's external API but does not clearly warn that user prompts and possibly sensitive research topics will be transmitted to a third party. In an agent setting, this can lead to unintended disclosure of confidential, personal, or proprietary information if users or upstream systems assume local-only processing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Documenting `include_raw_content` without a warning increases the chance that full webpage contents, including copyrighted, sensitive, or unexpectedly embedded private data, are retrieved and further processed. In an agent workflow this broadens data exposure and can cause over-collection beyond what is necessary for a simple search task.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends the user-provided query and search parameters to Tavily's external API, but it does not provide an explicit warning or confirmation that potentially sensitive input will leave the local system. In an agent-skill context, users may assume inputs are processed locally, so this can cause unintended disclosure of private or regulated data.

External Transmission

Medium
Category
Data Exfiltration
Content
fi

# Make API request
curl -s -X POST "https://api.tavily.com/search" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TAVILY_API_KEY" \
  -d "{
Confidence
90% confidence
Finding
curl -s -X POST "https://api.tavily.com/search" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TAVILY_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
fi

# Make API request
curl -s -X POST "https://api.tavily.com/search" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TAVILY_API_KEY" \
  -d "{
Confidence
90% confidence
Finding
https://api.tavily.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal