ClawHub

Tavily Quota Router

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Tavily multi-key search router whose credential, network, and local state use match its stated purpose.

Install only if you intend to use Tavily with your own API keys. Keep config/keys.json private, expect searches and usage checks to go to Tavily and consume quota, and avoid sending secrets or sensitive internal text as search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly instructs use of local files (`config/keys.json`, `state/quota.json`) and outbound requests to Tavily, but the metadata shown contains no declared permissions. That mismatch is dangerous because operators and automated policy systems may approve or run the skill without understanding that it can read secrets, write local state, and transmit data to an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description explains functionality but does not prominently warn that the skill reads Tavily API keys from local configuration and sends queries and usage-sync traffic to Tavily's external API. This can lead to unintended disclosure of credentials usage and user search content to a third party, especially if a user assumes it is only an internal router.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The search command sends the user-supplied query directly to Tavily's external API, which can expose sensitive prompts, secrets, or internal data if users pass them as search terms. In an agent skill context, this is a real privacy and data-handling risk because the code provides no consent gate, sanitization, or warning before transmitting data off-system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal