Tavily Extract

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s main Tavily extraction purpose is clear, but its OAuth path can automatically run an unpinned npm helper locally, which users should review before installing.

Use this skill only if you trust Tavily with the URLs you submit and are comfortable with the first-run OAuth helper. Before installing, review or modify the script to pin the `mcp-remote` package and ensure `jq`, `curl`, `node`, and `npx` behavior matches your expectations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

First-time use may download and run third-party npm code on the user’s machine without a separate confirmation prompt.

Why it was flagged

When no Tavily token is found, the script automatically invokes an unpinned npm package via `npx -y`, despite no install spec or dependency declaration.

Skill content

`npx -y mcp-remote https://mcp.tavily.com/mcp </dev/null >/dev/null 2>&1 &`

Recommendation

Pin and declare the helper dependency, document the exact OAuth helper being run, and ask the user before executing `npx`; users should review this script before first use.

What this means

The skill can use an existing Tavily OAuth token or `TAVILY_API_KEY` to call Tavily under the user’s account.

Why it was flagged

The script searches the local MCP auth cache for access tokens and validates that they are Tavily-issued before using them.

Skill content

`MCP_AUTH_DIR="$HOME/.mcp-auth" ... find "$MCP_AUTH_DIR" -name "*_tokens.json" ... if [ "$iss" != "https://mcp.tavily.com/" ]; then`

Recommendation

Install only if you are comfortable granting Tavily extraction access through your account; consider using a dedicated API key if you want clearer control.

What this means

Tavily will see the URLs and query parameters you ask it to extract.

Why it was flagged

The script sends the user’s extraction request, including URLs and options, to Tavily’s MCP endpoint over HTTPS.

Skill content

`--url "https://mcp.tavily.com/mcp" ... --header "Authorization: Bearer $TAVILY_API_KEY" ... --data "$MCP_REQUEST"`

Recommendation

Avoid sending private, internal, or sensitive URLs unless you trust Tavily and your account settings permit that use.