Tavily Search

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its Tavily search purpose, but on first use it can automatically run an unpinned npm OAuth helper, and it reads cached Tavily tokens from your home directory.

Review the first-run OAuth behavior before installing. If you proceed, consider setting an explicit Tavily API key yourself, avoid private queries or internal URLs, and be aware that the skill may run an unpinned npm helper unless you already have a valid Tavily token.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A package from npm may run on the user's machine before they have explicitly reviewed or pinned that code.

Why it was flagged

On first use without an existing token, the script can automatically download and run the unpinned mcp-remote npm package; this runtime dependency is not captured by the no-install-spec / bash-only requirement metadata.

Skill content

npx -y mcp-remote https://mcp.tavily.com/mcp </dev/null >/dev/null 2>&1 &

Recommendation

Pin the npm package version or vendor the helper, declare npx/node and other required tools, avoid suppressing output, and ask the user before running the OAuth helper.

What this means

The skill can reuse an existing Tavily login token instead of asking for a manually supplied API key.

Why it was flagged

The script reads cached OAuth access tokens from the user's home directory and uses them as the Tavily API bearer token; it validates the Tavily issuer and expiry, but this is still sensitive credential handling.

Skill content

MCP_AUTH_DIR="$HOME/.mcp-auth" ... token=$(jq -r '.access_token // empty' "$token_file" 2>/dev/null)

Recommendation

Install only if you are comfortable with the skill using cached Tavily OAuth credentials; prefer an explicitly scoped TAVILY_API_KEY if you want tighter control.

What this means

Search queries, URLs, crawl instructions, and research prompts may be processed by Tavily.

Why it was flagged

The skill sends user-provided search arguments and credentials to Tavily's MCP endpoint, which is expected for a Tavily integration but is still an external provider data flow.

Skill content

--url "https://mcp.tavily.com/mcp" ... --header "Authorization: Bearer $TAVILY_API_KEY" ... --data "$MCP_REQUEST"

Recommendation

Avoid submitting confidential URLs, private research topics, or sensitive business information unless Tavily processing is acceptable.