Tavily Search

Security checks across malware telemetry and agentic risk

Overview

This is a search/research skill that calls AIsa-hosted search APIs with a declared API key, but users should treat queries and URLs as data sent to an external service.

Install this only if you are comfortable sending search queries, URLs, and requested summaries to AIsa-backed external services. Avoid entering secrets, private internal URLs, regulated data, or confidential business information unless that external processing is allowed for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The extract command introduces a materially different capability: fetching and returning raw content from arbitrary user-supplied URLs via a third-party API. In an agent-skill context, undocumented remote content retrieval increases data-handling risk, can expose sensitive internal URLs or private resources if the surrounding platform permits them, and broadens the exfiltration surface beyond simple web search.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documentation does not clearly warn that user search queries are transmitted to external services, which creates a privacy and compliance risk. Users may enter sensitive prompts believing the tool is local or limited, when in reality their queries and possibly extracted content are sent to AIsa/Tavily and potentially other upstream providers.

VirusTotal

66/66 vendors flagged this skill as clean.
