Back to skill

Security audit

Tavily Best Practices

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Tavily integration guide; it does not include hidden executable code, but its examples send queries and URLs to external services when used.

Install if you want reference docs for building Tavily-powered search and research workflows. Before using the examples, avoid sending secrets, internal-only URLs, personal data, or regulated content to Tavily or LLM providers unless your organization has approved that data flow, and review any database-persistence examples before enabling them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill repeatedly demonstrates search, extraction, crawling, and research calls that send user-provided queries and URLs to an external Tavily service, but it does not clearly warn about network egress, third-party data disclosure, or privacy considerations. In an agent skill meant for coding assistants and autonomous workflows, this omission can cause developers to unknowingly route sensitive prompts, internal URLs, or proprietary research targets to an external API.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The examples instruct developers to send search queries and URLs to Tavily's external service but do not mention that these values may contain user-provided, sensitive, or proprietary data. In a developer reference intended for coding assistants and agentic workflows, omission of this privacy warning can lead to integrations that exfiltrate user input or internal links without explicit consent, review, or data-minimization controls.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.