Back to skill

Security audit

Chen Tavily Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal Tavily search skill, but it publishes a live-looking API key in its metadata and setup instructions.

Review before installing. Do not use the published key; use your own Tavily API key, keep it out of committed files and screenshots, and prefer installing only after the publisher replaces the embedded key with placeholders and rotates any exposed credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill documentation and metadata expose a concrete Tavily API key directly in the repository content, including configuration examples and environment variable instructions. This creates an immediate credential leakage risk because anyone with access to the skill file can reuse the key, consume paid API quota, impersonate the service account, or pivot into related systems if the key has broader scope.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation explicitly instructs users to copy a live-looking API key into config and environment variables without any warning about credential sensitivity. That normalizes unsafe secret-handling practices and can cause downstream leakage into shell history, config files, logs, screenshots, and version control, making credential compromise more likely.

Ssd 3

High
Confidence
99% confidence
Finding
A hardcoded API key appears in both the frontmatter metadata and usage examples, which increases exposure through ordinary documentation, parsing, indexing, and automation workflows. In skill context this is especially dangerous because metadata fields may be consumed automatically by tooling, causing the secret to propagate into logs, manifests, caches, or UI surfaces beyond the markdown file itself.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/search.mjs:81

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:31