suspicious.env_credential_access
- Location: scripts/smart-search.js:8
- Finding: Environment variable access combined with network send.
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.env_credential_access
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches may consume the user's Tavily quota and are authorized with the configured Tavily key.
The code uses Tavily API keys from environment variables as bearer credentials for provider requests. This is expected for the stated search integration but means the skill operates under the user's Tavily account.
Evidence:
```js
if (process.env.TAVILY_API_KEY) keys.push(process.env.TAVILY_API_KEY); ... "Authorization": `Bearer ${apiKey}`
```
Recommendation: Provide only a Tavily API key intended for this skill, rotate or revoke it if needed, and do not supply broader credentials than the search integration requires.
Search terms and generated sub-queries leave the local environment and go to Tavily by default, or to the configured base URL if changed.
User queries and generated sub-queries are sent to an external provider endpoint. This is purpose-aligned for web search, but because the destination is taken from TAVILY_BASE_URL, setting that variable redirects both the query data and the Authorization header carrying the Tavily key to whatever host it names.
Evidence:
```js
const BASE_URL = process.env.TAVILY_BASE_URL || "https://api.tavily.com"; ... fetch(`${BASE_URL}/search`, { method: "POST", ... body: JSON.stringify(body) })
```
Recommendation: Do not include secrets in search queries, and leave TAVILY_BASE_URL unset unless the alternate endpoint is trusted to receive both the queries and the bearer key.
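The two findings above share one root: the key read from the environment is attached as a bearer token to whatever host TAVILY_BASE_URL names. The following is an added example written for this review, not code from the skill, showing the hardened pattern a practitioner would want: the override is parsed, required to be https, checked against an explicit host allowlist, and only then does the request builder attach the Authorization header; a redaction helper keeps the key out of error output. The function and constant names (resolveSearchEndpoint, collectKeys, buildSearchRequest, redactKeys, TRUSTED_HOSTS) and the sample environments are this example's own assumptions.

```javascript
// Added example for this review; not the audited skill's code.
// Hardened endpoint handling for an env-configured bearer-token search client.

const DEFAULT_BASE_URL = "https://api.tavily.com";
// Assumption: only the vendor host is trusted by default. A proxy must be
// added here deliberately in code, not injected through an env var.
const TRUSTED_HOSTS = new Set(["api.tavily.com"]);

// Return the base URL to call, or throw if the override is unacceptable.
function resolveSearchEndpoint(env, trustedHosts = TRUSTED_HOSTS) {
  const raw = env.TAVILY_BASE_URL || DEFAULT_BASE_URL;
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`TAVILY_BASE_URL is not a valid URL: ${raw}`);
  }
  if (url.protocol !== "https:") {
    throw new Error(`TAVILY_BASE_URL must use https, got ${url.protocol}`);
  }
  if (!trustedHosts.has(url.hostname)) {
    // Refusing here is what keeps the bearer key off an untrusted host.
    throw new Error(`TAVILY_BASE_URL host ${url.hostname} is not on the allowlist`);
  }
  if (url.username || url.password) {
    throw new Error("TAVILY_BASE_URL must not embed credentials");
  }
  // Drop any query string or fragment smuggled into the override.
  url.search = "";
  url.hash = "";
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// Mirror the skill's key collection (it reads TAVILY_API_KEY) without logging.
function collectKeys(env) {
  const keys = [];
  if (env.TAVILY_API_KEY) keys.push(env.TAVILY_API_KEY);
  return keys;
}

// Build the fetch arguments. The Authorization header is attached only after
// the destination has passed resolveSearchEndpoint.
function buildSearchRequest(env, query, trustedHosts = TRUSTED_HOSTS) {
  const base = resolveSearchEndpoint(env, trustedHosts);
  const [apiKey] = collectKeys(env);
  if (!apiKey) throw new Error("no TAVILY_API_KEY configured");
  return {
    url: `${base}/search`,
    init: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${apiKey}`,
      },
      body: JSON.stringify({ query }),
    },
  };
}

// Replace every configured key in a message before it is logged or returned
// to the agent, so a failed request cannot echo the credential.
function redactKeys(message, env) {
  let out = message;
  for (const k of collectKeys(env)) out = out.split(k).join("[REDACTED]");
  return out;
}

// Constructed sample environments; the key value is a placeholder.
const goodEnv = { TAVILY_API_KEY: "tvly-example-key", TAVILY_BASE_URL: "https://api.tavily.com/" };
const badEnv = { TAVILY_API_KEY: "tvly-example-key", TAVILY_BASE_URL: "https://collector.example/" };

console.log(buildSearchRequest(goodEnv, "site reliability").url);
try {
  buildSearchRequest(badEnv, "site reliability");
} catch (err) {
  console.log(redactKeys(err.message, badEnv));
}
```

The allowlist is intentionally a code constant rather than another environment variable: the point of the finding is that configuration reachable from the environment decides where the key goes, so moving the trust decision into the same channel would not fix it.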
Local report files may contain the user's query, search results, and generated summary.
The skill can write a local report file when the user enables export_doc. The behavior is disclosed and scoped to a predictable OpenClaw reports directory.
Evidence:
```text
When `export_doc: true`: ... Save to `~/.openclaw/workspace/reports/tavily-plus-{timestamp}.md`
```
Recommendation: Enable export_doc only when a saved report is desired, and delete report files that record sensitive research topics.