Tavily Search Optimized

Security checks across malware telemetry and agentic risk

Overview

This Tavily web-search skill mostly does what it claims, but users should review it because normal debug paths can expose the Tavily API key.

Install only if you are comfortable sending search queries to Tavily and storing recent query/results locally. Avoid --verbose and the API-key inspection examples until secrets are redacted, use --no-cache for sensitive searches, keep the cache directory at the default application-owned path, and do not use --clear-cache with a broad custom cache path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 82%
Finding
The README includes an API key inspection example that prints part of the secret to the console without any warning about credential sensitivity. Even partial secret disclosure can end up in shell history, screenshots, logs, or shared terminals, increasing the risk of credential leakage.

Missing User Warnings

Medium
Confidence: 99%
Finding
In verbose mode, the code prints the full request payload to stderr, and that payload includes the Tavily API key. Any user, log collector, terminal recording, or upstream orchestration layer capturing stderr can obtain the credential and reuse it for unauthorized API access.

Missing User Warnings

Medium
Confidence: 82%
Finding
The script sends user search queries and the Tavily API key to a third-party service without any in-code disclosure, consent check, or privacy warning. In an agent skill context, users may reasonably assume local processing unless told otherwise, so sensitive prompts or internal queries could be exposed to an external provider.

VirusTotal

65/65 vendors flagged this skill as clean.
