ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tavily Crawl

v1.0.0

Crawl any website and save pages as local markdown files. Use when you need to download documentation, knowledge bases, or web content for offline access or...

0· 204·0 current·0 all-time
by@evanydl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (crawl websites and save markdown) matches the script's behavior: it builds a JSON-RPC request to Tavily's MCP and writes results to files. However, metadata claims no required binaries or env vars while the script depends on external tools (jq, curl, npx, find, base64, date). The SKILL.md and script also reference different endpoints (api.tavily.com vs mcp.tavily.com) and the SKILL.md suggests placing an API key in ~/.claude/settings.json but the script only reads TAVILY_API_KEY from environment or tokens under ~/.mcp-auth — an inconsistency.
!
Instruction Scope
The script searches your home directory (~/.mcp-auth) for *_tokens.json and will decode/read JWT payloads there, then uses any valid Tavily token it finds. That is within the stated Tavily OAuth convenience flow, but it reads files from your user profile and may surface tokens automatically. The script also invokes npx to run 'mcp-remote' (backgrounded and silenced), which executes remote code outside the explicit skill scope. SKILL.md states 'No manual setup required' — true functionally, but the opaque npx invocation and home-directory token reads widen data access beyond 'just provide a URL'.
!
Install Mechanism
There is no install spec in the registry (instruction-only), but the script uses 'npx -y mcp-remote ...' at runtime. npx will fetch and execute code from the npm registry on-demand, which is effectively downloading and running third-party code without an explicit install step or review. That runtime fetch is a higher-risk operation compared to purely local scripts.
Credentials
The skill declares no required env vars, but the script expects TAVILY_API_KEY (or an OAuth token found in ~/.mcp-auth). Looking for tokens in ~/.mcp-auth is explainable for an OAuth convenience flow; the script also enforces an issuer check in JWTs (iss == 'https://mcp.tavily.com/'), which limits false positives. Still, the documentation's suggested location (~/.claude/settings.json) is not read by the script, and the script will instead search your auth cache and environment — this mismatch should be clarified before use.
Persistence & Privilege
The skill is not force-included (always:false) and does not change other skills or system-wide settings. It does spawn a temporary background npx process for OAuth flow, but it does not persistently install software or modify other agent configs.
What to consider before installing
Before installing or running this skill consider: 1) The script will attempt to read OAuth tokens from ~/.mcp-auth and will automatically use any valid Tavily token it finds — if you have other sensitive tokens in that directory, be cautious. 2) It runs 'npx -y mcp-remote ...' which downloads and executes an npm package at runtime (silently). If you don't trust the package or tavily.com, run the script in a sandbox/VM and audit the mcp-remote package first. 3) The script requires common CLI tools (jq, curl, npx, base64, find, date) though the skill metadata omits these — make sure those are present and you understand what they do. 4) If you prefer explicit control, set TAVILY_API_KEY in your environment before running (the SKILL.md suggests ~/.claude/settings.json but the script uses the env var or ~/.mcp-auth). 5) If you have sensitive files or tokens in your home directory, inspect ~/.mcp-auth and remove or isolate them before running. If these caveats are acceptable and you trust Tavily and the npm package used, the skill is coherent with its stated purpose; otherwise treat it as risky and run only in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk973bc2p06nfmypbeqgqjngegs82mg77

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments