t-web-searcher

The skill contains a significant Remote Code Execution (RCE) vulnerability in `scripts/search.mjs`, where it dynamically imports a JavaScript module using a path derived from the remote API response (`data.meta.formatFile`). Additionally, both `scripts/search.mjs` and `scripts/extract.mjs` employ minor obfuscation by using indirect references to `process.env` (via `process_t` and `key_t` variables) to access the `TAVILY_API_KEY`, a technique often used to evade simple static analysis tools.