ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tavily Search

v1.0.0

Tavily 搜索 API 集成 | Tavily Search API Integration. 高质量网络搜索、新闻聚合、信息调研 | High-quality web search, news aggregation, research. 触发词:搜索、search、tavily、新闻.

0· 353·1 current·1 all-time
by迩康@darryek
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match the implemented behavior: scripts call Tavily MCP endpoints (https://mcp.tavily.com) for search/crawl/extract/research and can save crawl output to local files. However, the skill metadata only declares 'bash' as a required binary while the scripts also rely on curl, jq, base64, date, and npx at runtime—these are not declared. The scripts also attempt to discover an OAuth token from a local cache (~/.mcp-auth), which is consistent with an OAuth-friendly client but is not documented in the registry metadata as a required config/access.
!
Instruction Scope
Runtime instructions and included scripts will: (a) read files under $HOME/.mcp-auth searching for '*_tokens.json', (b) run npx -y mcp-remote to initiate an OAuth browser flow (downloads and executes code from npm at runtime), (c) make outbound HTTPS requests to mcp.tavily.com, and (d) write crawled pages to any output directory you pass. Reading the local MCP auth cache is scope-relevant for OAuth but may be surprising because it inspects user files and could encounter other token files; the script tries to validate tokens by checking the JWT issuer and expiry, which mitigates but does not eliminate the concern.
!
Install Mechanism
There is no formal install spec, but the scripts call npx -y mcp-remote at runtime. npx will fetch and execute a package from the public npm registry on demand (transient download/execute). That is a moderate-to-high install-time risk compared with an instruction-only script that does not fetch code. The rest of the skill files are local shell scripts (no packaged third-party install), so the primary runtime risk is dynamic npx execution.
Credentials
The skill does not declare any required environment variables in registry metadata, but the scripts use TAVILY_API_KEY if present and will attempt to obtain an OAuth token from ~/.mcp-auth if not. Requesting/using a Tavily API token is proportional to the skill's purpose. Two small issues: (1) TAVILY_API_KEY is optional but not documented in the metadata 'requires.env' (user-facing docs in SKILL.md do mention it), and (2) the script reads ~/.mcp-auth token files — while it filters tokens by issuer and expiry, it still inspects local auth caches which could contain tokens for other tools if stored there.
Persistence & Privilege
The skill is not always: true and does not request persistent elevated platform privileges. It writes crawl output only to an explicit output directory you pass, and it does not modify other skills or global agent settings. Runtime npx execution is transient and not a declared persistent install.
What to consider before installing
This skill largely does what it says (Tavily search/crawl/extract/research), but review the following before installing: 1) The scripts rely on tools not listed in metadata (curl, jq, base64, npx). Ensure these binaries are present or install them beforehand. 2) On first run the scripts will call 'npx -y mcp-remote ...' which downloads and executes a package from npm to run an OAuth flow — if you prefer not to fetch code at runtime, set TAVILY_API_KEY manually in your agent settings and avoid the OAuth path. 3) The scripts search your home directory for ~/.mcp-auth/*_tokens.json; they only accept tokens whose JWT issuer matches https://mcp.tavily.com/ and check expiry, but this still reads local token cache files — if that is sensitive, run the skill in an isolated environment or remove/inspect that directory first. 4) Network calls target mcp.tavily.com (and docs mention api.tavily.com); verify these domains are expected. If you need lower risk, request the same functionality from a version that documents required binaries and avoids runtime npx fetches. If you decide to proceed, consider specifying TAVILY_API_KEY manually and running in a sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk975vas34kjv8b221wdcdyhr7982c3rz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsbash

Comments