ClawHub

Tavilysearch 1.0.4

v1.0.0

Tavily 搜索引擎集成,支持 web 搜索、内容提取、实时新闻查询等功能。使用场景:需要搜索最新网络信息、查找实时新闻、获取专业资料、验证事实准确性等。

0· 130·1 current·1 all-time
by@guogithubname
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Tavily search integration) align with included files (SKILL.md, API docs) and the Python client (scripts/search.py) that calls https://api.tavily.com. Required secret (TAVILY_API_KEY) is appropriate for the declared functionality. No unrelated services, credentials, or system resources are requested.
Instruction Scope
SKILL.md instructs creating a .env with TAVILY_API_KEY and running the provided script; the script reads the skill-directory .env as documented. The instructions do not ask the agent to read unrelated system files. Minor note: the script suppresses urllib3 warnings and attempts to clear a DNS cache entry if present (socket.gethostbyname.cache_clear), which is unusual but not clearly malicious—it may be intended to ensure fresh DNS lookups for usage queries.
Install Mechanism
No install spec is present (instruction-only skill with a Python script). Dependencies are minimal (requests, urllib3) listed in requirements.txt — installing via pip is typical and proportionate.
Credentials
Only a single credential (TAVILY_API_KEY) is required and justified by the skill's API calls. The script reads a .env file in the skill directory as described; it does not request or access other environment variables or credentials.
Persistence & Privilege
The skill is not forced-always-present (always: false) and does not modify other skills or system-wide agent settings. It only sets the TAVILY_API_KEY in the process environment after reading .env; no permanent system changes are made.
Assessment
This skill appears internally consistent with its purpose (a Tavily search client). Before installing, consider: 1) The package/source is unknown and has no homepage — verify the provider and obtain the API key only from a trusted Tavily account. 2) The script reads a .env file in the skill directory for your API key — do not place other secrets in that file. 3) The script suppresses urllib3 warnings and clears a DNS cache entry if available; review network calls and TLS behavior if you require strict security. 4) Run the skill in an isolated environment (or with a restricted API key with minimal permissions/quotas) until you confirm behavior and billing. 5) If you need higher assurance, inspect the full scripts/search.py file locally (it is included) or run it in a sandbox to observe outbound requests (they target api.tavily.com).

Like a lobster shell, security has layers — review code before you run it.

latestvk97fjd5mqwpaxbcm0h2kxwm6tx83m0th

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Environment variables
TAVILY_API_KEYrequiredTavily API 密钥,用于调用搜索、提取、爬取等功能

Comments