Tavilysearch 1.0.4

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Tavily search wrapper that sends user-directed searches, URLs, crawl requests, and research topics to Tavily using a local API key.

Install only if you trust this Tavily wrapper and are comfortable sharing search terms, URLs, crawl instructions, and research topics with Tavily. Keep the Tavily API key private, monitor credit usage, scope crawls with limits and domain/path filters, and consider pinning dependencies in an isolated environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares an API key in env and clearly relies on outbound network access, yet no explicit permissions are declared. That creates a transparency and governance gap: a user or platform may authorize the skill without understanding it can read secrets and transmit data externally. In a search/crawl skill, hidden env+network capability increases risk because user queries, URLs, and possibly extracted content may be sent to a third-party service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The declared purpose focuses on search, extraction, news, and fact verification, but the documented behavior also includes whole-site crawling, research task creation/polling, usage inspection, and local .env loading. This mismatch undermines informed consent and can lead operators to expose broader capabilities than intended, especially crawling and background research workflows that may collect or transmit much more data than simple search. In a security review context, understated capability surface is a real risk amplifier.

Intent-Code Divergence

Low
Confidence
85% confidence
Finding
The comment claims the code only reads an environment variable, but it actually opens a local .env file and injects TAVILY_API_KEY into process environment variables. This discrepancy can mislead reviewers and operators about secret-loading behavior, which matters in security-sensitive deployments where local file access and secret provenance are controlled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
User-supplied queries, URLs, and extraction targets are sent to a third-party service without any disclosure, consent prompt, or data-classification guardrails. In an agent skill context, this creates a real privacy and data-handling risk because users may unknowingly submit sensitive prompts, internal URLs, or proprietary material to an external API.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
urllib3>=2.0.0
Confidence
92% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
urllib3>=2.0.0
Confidence
92% confidence
Finding
urllib3>=2.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
urllib3

VirusTotal

67/67 vendors flagged this skill as clean.