travily_search_pro

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it bundles and automatically loads a Tavily API-key-like value while sending user queries and URLs to an external service.

Review before installing. Replace or remove the bundled .env value and use your own Tavily API key; avoid submitting secrets, private/internal URLs, customer data, or regulated content to Tavily; and choose --output paths carefully, because existing files may be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes capabilities that use environment variables, write output files, and make outbound network requests, but it does not declare corresponding permissions. This can mislead users and security controls about what the skill is able to access, reducing transparency and making unintended data exposure or file modification more likely.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script accepts an arbitrary --output path and writes fetched content directly to that location without validation or confirmation. In agent or automated contexts, this can overwrite local files unexpectedly, which expands the skill from network extraction into local file modification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises search, research, and URL extraction against Tavily but does not clearly warn that user queries, research topics, and supplied URLs will be transmitted to an external third-party service. Users may unknowingly send sensitive prompts, internal URLs, or proprietary research topics off-platform, creating confidentiality and compliance risks.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
A user-supplied URL is transmitted to Tavily's external API, which may disclose private or internal URLs, tokens embedded in query strings, or other sensitive references to a third party. This is especially relevant in agent settings where users may assume local-only processing.

Missing User Warnings

Low
Confidence
84% confidence
Finding
Writing extracted content to a file without warning can lead to accidental overwrite or unintended local state changes. While not inherently malicious, it is a meaningful safety issue for a tool whose primary purpose is content extraction rather than file management.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script sends the user-supplied research topic directly to an external Tavily service without any explicit disclosure prompt or warning at execution time. If users enter sensitive internal data, credentials, customer information, or confidential prompts, that data will be transmitted off-host to a third party. In an agent-skill context, this is more dangerous because the skill may be invoked as part of automated workflows where users may not realize external sharing occurs.

VirusTotal

64/64 vendors flagged this skill as clean.
