Turing Tavily Web Search
PassAudited by ClawScan on May 1, 2026.
Overview
The skill coherently provides Turing Tavily web search, but users should notice that it uses stored Turing credentials and sends search queries to Turing’s proxy while registry metadata under-declares those requirements.
Use this skill for searches only if you trust the Turing Tavily proxy and have configured the intended Turing credentials. Avoid putting secrets or private data in search queries, and be aware the registry metadata does not fully advertise the credential requirement.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not see the credential requirement in registry-level metadata before opening the skill details.
The registry metadata would not alert users to credential requirements, while the supplied SKILL.md and script require Turing credentials. Because the skill itself discloses them, this is a metadata transparency note rather than a deception concern.
Required env vars: none ... Primary credential: none
Treat this as a credentialed integration and verify the configured Turing API key, client, and environment before use.
Search requests will be made using the configured Turing account credentials.
The script pulls Turing credential/account identifiers from the local OpenClaw config. This is expected for the proxy API but gives the skill delegated access to that Turing account when invoked.
api_key = _getcfg("TURING_API_KEY", _cfg)
client = _getcfg("TURING_CLIENT", _cfg)
environment = _getcfg("TURING_ENVIRONMENT", _cfg)Use a credential intended for this service, keep it scoped where possible, and remove or rotate it if the skill is no longer needed.
Anything placed in a search query can be transmitted to the external Turing Tavily proxy.
The user's query parameters are sent to the configured Turing Tavily proxy. This is the core function, but search terms may contain sensitive information.
url = f"{api_base}/api/v1/proxy/tavily/search" ... response = requests.post(url, json=request_body, headers=headers, timeout=30)Avoid putting secrets, private documents, credentials, or confidential business data into web-search queries.