Skill v1.0.3

ClawScan security

Tavily Search Optimized · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 5:15 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement a straightforward Tavily web-search client, but there are inconsistencies between the declared requirements/registry metadata and what the code and SKILL.md actually need (notably a required API key and local file I/O), so review before installing.
Guidance
This skill implements a Tavily web-search client and appears to be mostly coherent, but check these points before installing:

- Provide an API key: the scripts require TAVILY_API_KEY (or TAVILY_KEY). The registry metadata did not declare this requirement; set the env var or add it to ~/.openclaw/.env before use.
- Review where secrets are stored: examples suggest writing your API key to ~/.openclaw/.env in plaintext. Ensure that file has safe permissions and that you are comfortable storing the key there.
- Confirm the Tavily endpoint: the code posts to https://api.tavily.com. If you don't trust that service, do not provide credentials.
- Be aware of local caching: search results are cached under ~/.openclaw/cache/tavily (this writes files to your home directory). If that is a concern, run with --no-cache or set a custom cache dir.
- Minor docs/code mismatches: examples reference formats or paths (e.g., /root/.openclaw/...) that may not match your environment; inspect and possibly edit the script paths before running.

If you want higher assurance, review the full scripts (they are included) for any further unexpected network calls or data-handling behavior, or run them in an isolated environment first.
Findings
[network-request-https-api.tavily.com] expected: The scripts POST JSON to https://api.tavily.com to perform searches. Network requests are expected for a web-search skill.
[file-io-cache-creation] expected: The enhanced script implements a file cache under ~/.openclaw/cache/tavily and reads ~/.openclaw/.env. File I/O for caching/config is expected but implies local disk writes of cached queries/responses.
[secret-env-read-TAVILY_API_KEY] expected: The code reads TAVILY_API_KEY (and alias TAVILY_KEY) from env or ~/.openclaw/.env. This is required for operation; the registry metadata omission is the problematic part, not the presence of this behavior itself.

Review Dimensions

Purpose & Capability
Concern: Name/description claim a web-search client for Tavily, and the code implements that. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and both scripts require a TAVILY_API_KEY (or alias TAVILY_KEY). That mismatch (metadata says none required, but the code will fail without an API key) is an incoherence that should be resolved.
Instruction Scope
Note: Runtime instructions and examples are limited to performing searches, formatting results, and caching. The SKILL.md and scripts read environment variables and ~/.openclaw/.env, create/read cache files under ~/.openclaw/cache/tavily, and make POST requests to https://api.tavily.com. There is no evidence of attempts to read unrelated system files or exfiltrate arbitrary secrets, but examples use absolute /root/.openclaw paths (which may be incorrect for non-root deployments) and an example shows using subprocess to call the script from other code; both are benign but worth noticing.
Install Mechanism
OK: This is instruction + bundled scripts only; there is no install spec, no external downloads, and no packaged post-install code. No high-risk install behavior observed.
Credentials
Concern: The code legitimately needs a Tavily API key (TAVILY_API_KEY or TAVILY_KEY) and optional cache/config env vars (TAVILY_CACHE_DIR, TAVILY_DEFAULT_TIMEOUT, etc.). Those are proportionate to a search client. The concern is that the registry metadata did not declare the API key requirement, which could cause accidental failure or secrecy mistakes. SKILL.md and scripts also recommend adding the API key to ~/.openclaw/.env or exporting it; storing secrets in a plaintext file is common but should be done with caution (file permissions).
Persistence & Privilege
OK: The skill does not request always:true and will not be force-enabled; it writes cache files under ~/.openclaw/cache/tavily and may create ~/.openclaw/.env if the user follows examples, which is within the skill's scope and not a system-wide privilege escalation. No modifications to other skills or global agent settings observed.