Tavily Search

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a straightforward Tavily web-search helper, with the main caveat that it uses a Tavily API key and sends search queries to Tavily even though the registry metadata does not declare a credential.

This appears safe to install if you intend to use Tavily for web search. Use a dedicated Tavily API key, remember that queries go to Tavily, and avoid searching for secrets or highly private information.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can use your Tavily API key and quota when it performs searches.

Why it was flagged

The skill requires a Tavily service credential. This is expected for a Tavily search integration, but the registry metadata says no required env vars and no primary credential.

Skill content

Provide API key via either: ... `TAVILY_API_KEY`, or ... `~/.openclaw/.env` line: `TAVILY_API_KEY=...`

Recommendation

Use a dedicated Tavily API key, avoid sharing a broadly privileged key, and prefer updating the skill metadata to declare the credential requirement.

What this means

Search terms may be visible to Tavily, so sensitive queries could be exposed to that provider.

Why it was flagged

The script sends the API key and user search query to Tavily's external API. This is disclosed and purpose-aligned for web search.

Skill content

TAVILY_URL = "https://api.tavily.com/search" ... "api_key": key, "query": query

Recommendation

Avoid putting secrets or private data into search queries, and review Tavily's privacy and retention terms if that matters for your use.