Tavily
v1.0.0Tavily integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tavily data.
⭐ 0· 45·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is an integration wrapper that instructs the agent to use the Membrane CLI to access Tavily. Requiring the Membrane CLI and a Membrane account is coherent with the described functionality; no unrelated credentials or tools are requested.
Instruction Scope
SKILL.md stays on-topic: it instructs installing/using the Membrane CLI, logging in, creating connections, listing and running actions, and proxying API requests. It does not instruct reading unrelated files, harvesting system secrets, or sending data to unexpected endpoints. It does advise browser-based auth and headless flow handling.
Install Mechanism
There is no formal install spec in the registry (instruction-only). The README instructs using npm (npm install -g @membranehq/cli or npx) — a standard public-registry install. Installing a global npm package executes code from the npm registry (moderate risk if you don't trust the package), but this is expected for a CLI-based integration.
Credentials
The skill declares no required environment variables or credentials and explicitly tells users not to provide API keys, using Membrane to handle auth. The only external requirement is a Membrane account, which is proportional to the stated purpose.
Persistence & Privilege
The skill is not marked always:true, does not request persistent system-wide changes, and has no install-time hooks in the registry. It relies on ephemeral CLI usage and browser-based login—no elevated platform privileges are requested by the skill metadata.
Assessment
This skill is instruction-only and uses the Membrane CLI to access Tavily. Before installing or running commands: 1) Verify you trust the Membrane project and the npm package (@membranehq/cli) — installing global npm packages runs code from the registry. Prefer using npx for one-off runs if you want to avoid a global install. 2) Review Membrane's privacy and connector scopes so you know what data may be proxied through their service. 3) Expect browser-based authentication and that the CLI will open URLs; in headless environments you will need to complete the auth flow manually. 4) If you want tighter control, inspect the Membrane CLI repository and the Tavily connector configuration before granting access.Like a lobster shell, security has layers — review code before you run it.
latestvk9760b10rxeqe7e93zz6ts9bd184ebjs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.