Extract
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's behavior matches its stated purpose (calling Tavily's extract API), but the package metadata and runtime instructions are inconsistent: the script and SKILL.md require a TAVILY_API_KEY and command-line tools (jq, curl) even though the metadata declares no env vars or binaries. Verify those dependencies yourself before installing.
What to check before installing/use:
- Metadata mismatch: the registry lists no required env vars or binaries, but the SKILL.md and scripts require a TAVILY_API_KEY and use curl and jq. Confirm jq is installed and that the platform will provide curl/jq, or update the metadata.
- Protect your API key: store TAVILY_API_KEY securely (the instructions suggest ~/.claude/settings.json). Treat that key like any other secret: do not paste it into chat or share it publicly.
- Data exposure: this skill sends the URLs (and any other fields you put in the JSON) to api.tavily.com. Do not use it with private/sensitive pages or with URLs you do not want sent to an external service.
- Verify the endpoint: the script calls https://api.tavily.com/extract and adds an x-client-source header. If you want stronger assurances, confirm Tavily's domain, SSL certificate, and privacy policy before sending sensitive content.
- Test with non-sensitive data first: run small, non-sensitive queries to verify behavior and responses. If you need to run this in an automated agent, account for rate limits, batching (max 20 URLs), and timeouts.

Overall: the skill appears to do what it claims, but the mismatched metadata and undeclared runtime dependencies are red flags that warrant a short verification step before trusting it or handing it secrets.
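As an added example (not code from the skill or from this registry page), a small POSIX shell wrapper that enforces the checks above before any URL leaves the machine: it confirms curl/jq and the key are present without printing the key, caps a batch at 20 http(s) URLs, builds the JSON with jq, and calls the endpoint with a hard timeout. It assumes Bearer-token authentication and a request body of the form {"urls": [...]}, neither of which the page confirms, and "agent-wrapper" is a placeholder x-client-source value.

```shell
# Added example, not code from the skill or its registry page: a wrapper that
# enforces the pre-use checks above before anything is sent to api.tavily.com.
# Assumptions (not confirmed by the page): Bearer-token auth, a {"urls": [...]}
# body, and "agent-wrapper" as a constructed x-client-source value.
set -u

TAVILY_EXTRACT_URL="https://api.tavily.com/extract"
MAX_BATCH=20                         # the skill batches at most 20 URLs per call
CURL_TIMEOUT="${CURL_TIMEOUT:-30}"   # seconds; never let an agent hang on the call

# The metadata declares no env vars or binaries, so check them explicitly.
# The key is tested for presence only and never printed.
check_prereqs() {
  ok=0
  for tool in curl jq; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing binary: $tool" >&2; ok=1; }
  done
  [ -n "${TAVILY_API_KEY:-}" ] || { echo "TAVILY_API_KEY is not set" >&2; ok=1; }
  return "$ok"
}

# Reject oversized batches and anything that is not an http(s) URL, so a local
# path or an unintended internal target is not shipped to an external service.
validate_batch() {
  if [ "$#" -lt 1 ] || [ "$#" -gt "$MAX_BATCH" ]; then
    echo "expected 1..$MAX_BATCH URLs, got $#" >&2
    return 1
  fi
  for u in "$@"; do
    case "$u" in
      https://*|http://*) ;;
      *) echo "rejected non-http(s) URL: $u" >&2; return 1 ;;
    esac
  done
}

# Let jq do the quoting; never assemble JSON by string concatenation.
build_payload() {
  validate_batch "$@" || return 1
  jq -cn '{urls: $ARGS.positional}' --args "$@"
}

# Hard timeout; the key travels in a header, not the URL, so it stays out of
# shell history and proxy logs.
tavily_extract() {
  check_prereqs || return 1
  payload=$(build_payload "$@") || return 1
  curl -sS --fail --max-time "$CURL_TIMEOUT" \
    -H "Authorization: Bearer $TAVILY_API_KEY" \
    -H "Content-Type: application/json" -H "x-client-source: agent-wrapper" \
    -d "$payload" "$TAVILY_EXTRACT_URL"
}
```

Run it as `tavily_extract https://example.com/page1 https://example.com/page2` after exporting TAVILY_API_KEY; the validation functions can be exercised on their own without making any network call.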
Static analysis
Static analysis findings are pending for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
