Security audit

Tavily Search Pro Native Node

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tavily research helper that sends user-provided searches or URLs to Tavily and stores local cache/log files, with no artifact-backed evidence of hidden exfiltration or destructive behavior.

Install this if you are comfortable sending searches and URLs to Tavily using your API key. Use --no-log --no-cache for sensitive or client/private research, avoid shared OS profiles if cache separation matters, and periodically inspect or clear the skill cache/log directory if local retention is a concern.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The script persistently logs sensitive user activity to ~/.openclaw/cache/tavily-search-pro-native-node/usage.log, including search queries and extracted URLs. In an agent/tooling context, queries and URLs often contain confidential research topics, internal targets, or tokens embedded in URLs, so storing them silently on disk creates a privacy and data-retention risk if the host is shared or later compromised.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The extract command caches full remote extraction responses to disk, which can include substantial page content and potentially sensitive information fetched during agent operation. Because this happens by default and without a clear runtime warning or encryption/protection, sensitive third-party or internal content may persist locally long after use.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/self-test.mjs:26

Environment variable access combined with network send.

Severity: Critical
Code: suspicious.env_credential_access
Location: scripts/tavily-pro.mjs:43