Skill v1.0.0

ClawScan security

Irene Tavily Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 2, 2026, 6:51 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions generally match a Tavily search helper, but there are clear inconsistencies around declared requirements and credential handling that reduce transparency and warrant caution.
Guidance
This skill appears to implement a Tavily search helper, but there are mismatches you should address before trusting it:
(1) The script requires a TAVILY_API_KEY but the skill metadata does not declare any required env var; make sure you only supply a key you control and understand the key's scope.
(2) The metadata lists curl as required even though the code never uses it; treat that as a metadata error.
(3) The script looks for keys in ~/.openclaw/.env, ~/.env, and .env; ensure those files do not contain other sensitive secrets and set restrictive file permissions.
(4) The script sends the API key in the JSON payload to https://api.tavily.com/search over HTTPS; verify the tavily.com homepage and API docs to confirm this is the intended usage and that the service is trustworthy.
(5) Minor usability note: example commands in SKILL.md use an unexpanded ~ in subprocess calls, which may not work as written.
If you plan to install or use this skill, obtain the API key from tavily.com directly, verify the source (owner/publisher), update the skill metadata to list TAVILY_API_KEY as a required credential and remove unused binary requirements, and prefer storing keys with appropriate permissions rather than echoing them into shared dotfiles.

Review Dimensions

Purpose & Capability
note · The name, description, SKILL.md and scripts/search.py all describe a Tavily-based search tool, and the script calls https://api.tavily.com/search; that is coherent with the stated purpose. However, the skill metadata declares required binaries (curl and python3) while the included code only uses python3; curl is never invoked. Also, the registry metadata lists no required env vars, but both SKILL.md and the script require a TAVILY_API_KEY. These mismatches suggest sloppy metadata or an incomplete declaration.
Instruction Scope
ok · Runtime instructions and the script stay within the stated purpose: they obtain an API key (from the environment or typical .env paths), build a JSON payload and POST it to Tavily's API, then format the results for display. The script does not attempt to read unrelated system files or call unexpected external endpoints. Note: SKILL.md recommends writing the API key to ~/.openclaw/.env, and the script will scan ~/.openclaw/.env, ~/.env, and .env for a TAVILY_API_KEY line; this is expected behavior but worth noting because it reads user config files to find the key.
Install Mechanism
ok · This is an instruction-only skill with no install spec. No downloads or archives are written to disk by an installer. That minimizes install-time risk.
Credentials
concern · SKILL.md and the scripts require a TAVILY_API_KEY (environment variable or .env entry), but the skill's declared requirements list no required env vars or primary credential. This mismatch reduces transparency; users may not realize they must supply an API key. Also, the code places the api_key in the JSON payload (payload['api_key']) rather than using an Authorization header; while not necessarily malicious, it is a less standard pattern, and users should confirm the API endpoint and TLS usage. The declared required binaries, including curl, are disproportionate because curl is not used by the included code.
Persistence & Privilege
ok · The skill does not request always:true and does not modify other skills or system-wide config. It reads typical user config paths to locate a provided API key, which is a reasonable level of persistence for this function.