Back to skill

Security audit

Tavily Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Tavily search helper that sends search queries to Tavily as disclosed.

Install only if you are comfortable sending search JSON to Tavily under your Tavily API key. Keep queries non-sensitive, avoid including secrets or proprietary personal data, and use an API key with appropriate quota and billing limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
./scripts/search.sh --json '{"query": "NVIDIA stock analysis", "search_depth": "advanced"}'
```

### Equivalent curl

The script is a thin wrapper around this call:
Confidence
94% confidence
Finding
curl The script is a thin wrapper around this call: ```bash curl --request POST \ --url https://api.tavily.com/search \ --header "Authorization: Bearer $TAVILY_API_KEY" \ --header 'Content-Typ

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.