Tavily Research
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is aligned with Tavily web research, but first-run login automatically runs an unpinned npm helper and reuses local Tavily tokens, so it deserves review before use.
Review the first-run authentication path before installing. If you are uncomfortable with automatic `npx` execution, manually configure a Tavily API key or ensure the helper is pinned and trusted. Do not include secrets in research queries.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or changed npm package could execute code locally during login before the user has reviewed that helper.
On first-run authentication, the skill can automatically execute an unpinned npm helper that is not included in the reviewed files.
`npx -y mcp-remote https://mcp.tavily.com/mcp </dev/null >/dev/null 2>&1 &`
Pin and declare the `mcp-remote` dependency, require explicit user approval before running it, or use a manually configured Tavily API key instead.
The skill may use an existing Tavily account token and could consume account quota or access Tavily features under that account.
The script searches the local MCP auth cache for Tavily access tokens and uses a valid token as the API credential.
`MCP_AUTH_DIR="$HOME/.mcp-auth"` ... `token=$(jq -r '.access_token // empty' "$token_file")` ... `export TAVILY_API_KEY="$token"`
Confirm which Tavily account is authenticated, revoke unwanted cached tokens if needed, and prefer a scoped API key if available.
Research queries and any sensitive details included in them leave the local environment and are processed by Tavily.
The user’s research input is sent to Tavily’s remote MCP endpoint with the Tavily credential.
`curl -s --request POST --url "https://mcp.tavily.com/mcp"` ... `--header "Authorization: Bearer $TAVILY_API_KEY"` ... `--data "$MCP_REQUEST"`
Avoid putting secrets or private data in research prompts unless you are comfortable sharing them with Tavily.
