Tavily AI Search
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a straightforward Tavily web-search wrapper. Its use of an API key and of an external search service is expected for this purpose, and users should configure both carefully.
This skill appears purpose-aligned for Tavily web search. Before installing, set up the Tavily API key carefully, prefer environment/config storage over command-line secrets, verify the tavily-python dependency source or pin its version, and treat retrieved web content as untrusted until checked.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can consume Tavily credits and exposes any submitted search queries to the Tavily service under the configured account.
The skill requires a Tavily account API key, which is appropriate for Tavily search but gives access to the user's Tavily account quota and should be handled as a credential.
"apiKey": "tvly-YOUR_API_KEY_HERE" ... export TAVILY_API_KEY="tvly-YOUR_API_KEY_HERE"
Use a dedicated Tavily key if possible, keep it out of shared logs and command history, and avoid including secrets or sensitive private data in search queries.
The skill's runtime behavior depends partly on the installed tavily-python package version and its supply chain.
The script depends on an external Python package installed manually, and the artifacts do not pin a version or provide an install spec.
Requires: pip install tavily-python
Install the package from the official source, consider pinning a known-good version, and review dependency updates before use in sensitive workflows.
Search results may contain inaccurate, adversarial, or prompt-injection-like content that could mislead downstream reasoning if treated as authoritative.
The skill intentionally brings web search results, AI summaries, and optional raw page content into the agent's context.
AI-generated answer summaries from search results ... Raw HTML Content if requested ... Return to Agent
Use domain filters for trusted sources when possible and verify results before taking high-impact actions based on retrieved content.
