Skillv1.0.0

ClawScan security

Tavily Search Secure · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 2, 2026, 6:38 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The code and runtime instructions match the described Tavily search/extract purpose and implement reasonable URL safety checks, but the registry metadata omits the required TAVILY_API_KEY and the package has no known homepage/source — these mismatches warrant caution.
Guidance: This skill's code appears to do what it says: call Tavily's search/extract endpoints and enforce URL safety checks. Before installing: (1) verify the TAVILY_API_KEY will be provided and treat it as sensitive — the scripts send it to api.tavily.com in request bodies; do not reuse high-privilege keys. (2) Confirm the Tavily service/domain is trustworthy (there's no homepage or source URL listed). (3) Fix the registry metadata mismatch (it should declare TAVILY_API_KEY as a required env var / primary credential). (4) Run the scripts in a sandboxed environment or with least-privilege network rules (restrict egress to the Tavily API) and review request/response logs. If you cannot verify the Tavily endpoint or provenance of the skill, do not supply production credentials — use a throwaway key or decline installation.

Review Dimensions

Purpose & Capability: noteName/description, SKILL.md, and the two scripts are coherent: both scripts call https://api.tavily.com (search and extract) and implement the functionality described. However, the registry metadata lists no required environment variables while the SKILL.md and scripts clearly require TAVILY_API_KEY — a bookkeeping/integrity mismatch.
Instruction Scope: okSKILL.md directs the agent to run the provided node scripts with a TAVILY_API_KEY. The scripts only perform network calls to api.tavily.com, validate and sanitize inputs, and output results. They explicitly avoid printing the API key and perform host/IPv4/IPv6 checks to block localhost/private addresses (reducing SSRF risk). The scripts do not read other files or secrets.
Install Mechanism: okNo install spec (instruction-only + included scripts). No external downloads or package installs; code ships in the skill bundle. Risk from install mechanism is low.
Credentials: concernFunctionally the skill only needs one credential (TAVILY_API_KEY), which is proportionate. But the registry metadata incorrectly lists 'Required env vars: none' and 'Primary credential: none' while SKILL.md and the scripts require TAVILY_API_KEY. That mismatch could be accidental but makes it harder to audit/automate safe deployment and lowers trust. Also there is no homepage or known source listed to verify the Tavily API/service.
Persistence & Privilege: okalways:false and no behavior that modifies other skills or system settings. The skill does not ask to persist tokens or change agent configuration. Autonomous invocation is enabled by default (normal) but not combined with other red flags here.