Back to skill

Security audit

Tavily

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tavily web search skill that uses a Tavily API key and sends user-directed search, URL extraction, and research requests to Tavily.

Install only if you are comfortable providing a Tavily API key and sending search terms, target URLs, and research prompts to Tavily. Use a dedicated key where possible, monitor credit usage, avoid confidential or regulated data in queries, and treat extracted web content as untrusted source material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The OpenAPI document declares `security: []` at the top level, which signals that operations are unauthenticated by default, while this endpoint later requires `bearerAuth`. This inconsistency can cause generated clients, gateways, or agent tooling to mis-handle authentication, accidentally omit auth, or expose the operation as public in downstream integrations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes sending user-supplied URLs to Tavily Extract but does not warn that both the submitted URLs and the fetched page content are transmitted to a third-party external service. This can lead to unintended disclosure of sensitive internal URLs, private resources, or regulated content when users assume extraction happens locally or within the host platform.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes sending user-provided research queries to Tavily's remote research service but does not warn that prompts and retrieved web-analysis context are transmitted to an external third-party API. In an agent skill context, users may supply sensitive internal data in prompts, so the lack of an explicit disclosure meaningfully increases the risk of unintended data exfiltration or privacy/compliance violations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation describes sending user queries to Tavily and optionally retrieving raw page content, but it does not clearly warn that prompts, search terms, and fetched third-party content will leave the local trust boundary and be processed by an external service. In an agent skill context, this can lead to unintended disclosure of sensitive user data or workspace-derived content if the model uses the tool on confidential inputs.

External Transmission

Medium
Category
Data Exfiltration
Content
optimized for LLMs.
  version: 1.0.0
servers:
  - url: https://api.tavily.com/
security: []
tags:
  - name: Search
Confidence
85% confidence
Finding
https://api.tavily.com/

External Transmission

Medium
Category
Data Exfiltration
Content
optimized for LLMs.
  version: 1.0.0
servers:
  - url: https://api.tavily.com/
security: []
tags:
  - name: Search
Confidence
88% confidence
Finding
https://api.tavily.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.