Skill v1.0.0

ClawScan security

Openclaw Tavily Search 0.1.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 15, 2026, 11:39 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary: The skill's code is a straightforward client for the Tavily search API, but packaging/metadata inconsistencies and an undeclared required API key make the bundle internally inconsistent and worth caution.

Guidance: This skill's code looks like a normal Tavily API client, but the package metadata and SKILL.md disagree. Before installing, verify the source/owner and confirm you trust api.tavily.com. Prefer setting TAVILY_API_KEY as an environment variable rather than putting multiple secrets into ~/.openclaw/.env. Note the script will send the API key and query text to Tavily; ensure that is acceptable for your data/privacy needs. Also check the publisher identity (ownerId mismatch across files) and request a homepage or source repository to verify authenticity. If you can't verify the publisher, avoid installing or run the script in a restricted environment and inspect network traffic first.

Review Dimensions

Purpose & Capability
note: The script implements web search via Tavily and requires a TAVILY_API_KEY, which is coherent with the stated purpose. However, the registry metadata claims no required env vars while SKILL.md and the script clearly require the API key; also the _meta.json ownerId/version differ from the registry header metadata, indicating packaging inconsistencies.
Instruction Scope
ok: SKILL.md only instructs running the bundled script and how to provide the API key (env var or ~/.openclaw/.env). The runtime instructions and script do not read unrelated system files, do not call unexpected external endpoints, and only POST to api.tavily.com with the provided key.
Install Mechanism
ok: No install spec is provided (instruction-only + a Python script). No downloads or extraction; nothing written to disk by an installer beyond executing the included script.
Credentials
concern: The script legitimately needs a single TAVILY_API_KEY, but the registry metadata omitted that requirement. The script will read ~/.openclaw/.env if present (and extract TAVILY_API_KEY from it) — accessing a dotfile in the user's home is reasonable for loading a key but could expose other user-kept secrets if the file is reused for multiple tokens. The mismatch between declared and actual required env vars is a configuration/packaging red flag.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system configuration. It will perform network calls when invoked, which is expected for a web-search integration.