Tavily Best Practices

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is largely documentation for a web-search/crawl SDK (Tavily) and appears functionally consistent, but its runtime instructions require placing an API key into a user config path (~/.claude/settings.json) and reference environment variables that are not declared in the registry metadata. This inconsistency is worth reviewing before installing or using the skill.

What to consider before installing or using this skill:

- The documentation requires a Tavily API key (TAVILY_API_KEY) and instructs adding it to ~/.claude/settings.json, but the skill metadata declares no required environment variables or config paths. Confirm you are comfortable storing that key in your Claude settings file and that this is the intended place for it.
- The skill is instruction-only (no code to execute from the registry), which lowers install risk, but it points you to install third-party packages (pip/npm). Only install those packages from official package registries and verify that the package names (tavily-python, @tavily/core) come from the official Tavily organization.
- The functionality (search, extract, crawl) legitimately needs an API key and network access; these operations fetch web pages and could retrieve sensitive or private content if you target internal URLs. Apply domain filters and limits, and respect robots.txt as the docs advise.
- Ask the publisher or registry maintainer to correct the metadata: required env vars (TAVILY_API_KEY) and any config paths should be declared. If the skill came from an unknown source (homepage/source unknown here), verify the origin before providing credentials.
- If you want stronger safety: test in a sandbox account/project with a scoped Tavily key, monitor API usage, and avoid using your primary production credentials until you confirm behavior.

Static analysis

Static analysis findings are pending for this release.

VirusTotal

No VirusTotal findings


Risk analysis

No visible risk-analysis findings were reported for this release.