ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tavily Extract

v1.0.0

Extract content from specific URLs using Tavily's extraction API. Returns clean markdown/text from web pages. Use when you have specific URLs and need their...

1· 273·4 current·6 all-time
by@evanydl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (use Tavily extract API) matches the script's behavior: it sends requests to Tavily endpoints and tries to obtain a Tavily token. However the registry metadata declares no required env vars or binaries while the script actually expects/uses TAVILY_API_KEY (env), ~/.mcp-auth token files, and external tools (jq, curl, npx, base64, find, sed, grep). This undocumented dependency mismatch is a design/information-quality problem.
!
Instruction Scope
The SKILL.md documents the OAuth flow and mentions ~/.mcp-auth and ~/.claude/settings.json. The script will recursively search the user's ~/.mcp-auth for *_tokens.json and decode tokens, and if none present it launches an OAuth helper. Reading auth token files in the home directory is functionally related to obtaining a Tavily token, but it is sensitive (may expose presence of other cached tokens) and should have been explicitly declared. The instructions also suggest adding TAVILY_API_KEY to ~/.claude/settings.json which touches agent configuration files — the script itself does not write to those files but the guidance encourages modifying them.
!
Install Mechanism
There is no install spec, but the runtime script calls 'npx -y mcp-remote ...' to initiate OAuth. That will fetch and execute an npm package on demand. On-demand npm installs are a non-trivial risk vector (remote code executed without an explicit install step). The script also relies on system binaries (jq, curl, base64, find, sed, grep) that are not declared in the registry metadata.
!
Credentials
The registry declares no required env vars, yet the script uses TAVILY_API_KEY (env) if present, and otherwise searches local token caches. Access to ~/.mcp-auth is sensitive. While these items are explainable (they are used to authenticate to Tavily), the absence of explicit declared credentials/config requirements in metadata is a discrepancy and reduces transparency about what the skill will access.
Persistence & Privilege
The skill is not always-enabled, does not request elevated or persistent system presence, and does not modify other skills' configs. It does read files in the user's home directory and may launch a browser-based OAuth flow, which are expected for an auth-enabled client but should be documented.
What to consider before installing
This skill generally does what it says (calls Tavily to extract pages), but it has important gaps you should consider before installing: - It will try to read ~/.mcp-auth/*_tokens.json and extract access_token values; those files can contain other cached auth tokens — only proceed if you trust the skill and the Tavily issuer check in the script. - The script will run `npx -y mcp-remote ...` to perform OAuth if no token is found. That downloads and executes code from npm at runtime; review the mcp-remote package (or avoid letting the script run it) if you want to reduce risk. - The metadata didn't list runtime dependencies, but the script requires jq, curl, npx, and standard Unix tools; ensure those are present and safe. - For minimal exposure, consider creating and providing a dedicated TAVILY_API_KEY (set the env yourself) rather than allowing the script to scan ~/.mcp-auth or auto-run npx. If you need higher assurance, ask the skill author to: (1) declare required binaries/env in metadata, (2) avoid on-demand npx installs or document the exact npm package & version, and (3) limit or make optional any recursive scans of ~/, or at least clearly describe what files will be read.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kjx7d1a99ayggq6ffvbkzd82mpys

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments