Tavily Search Pro Native Node

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Search terms and URLs requested through this skill are sent to Tavily, so sensitive research topics should not be used casually.

Why it was flagged

The skill sends user queries and extraction URLs to an external provider. That is central to a Tavily search/extract tool and is disclosed, but users should understand the privacy boundary.

Skill content
Makes network calls only to Tavily's HTTPS endpoints: `https://api.tavily.com/search` and `https://api.tavily.com/extract` ... Do NOT use this when: Privacy-sensitive queries (everything transmits to api.tavily.com)
Recommendation

Use it only for research you are comfortable sending to Tavily, and prefer local or built-in fetch tools for privacy-sensitive one-off page reads.

What this means

The skill can consume Tavily account credits and depends on a valid API key being present in the process environment.

Why it was flagged

The script reads a Tavily API key from the environment and sends it to Tavily as an authorization credential. This is expected for the service, but it is still sensitive credential use.

Skill content
`const value = (process.env.TAVILY_API_KEY || "").trim();` ... ``Authorization: `Bearer ${apiKey}` ``
Recommendation

Set `TAVILY_API_KEY` only in environments where you intend to use this skill, and monitor Tavily usage; the publisher should declare the required credential in the registry metadata.

What this means

Someone with access to the local machine could review cached results or usage logs that reveal past searches and extracted URLs.

Why it was flagged

The skill persistently stores usage logs and cached responses locally. This is disclosed and scoped to the skill cache directory, but those records may reveal queries, URLs, or retrieved content.

Skill content
Writes cache and usage logs only under `~/.openclaw/cache/tavily-search-pro-native-node/` ... Usage logs may contain plaintext search queries/URLs; use `--no-log` for sensitive calls.
Recommendation

Use `--no-log` and/or `--no-cache` for sensitive calls, run `cache clear` when appropriate, and avoid using this skill for private queries.

Findings (1)

Severity: critical

Detection: suspicious.env_credential_access

Location: scripts/tavily-pro.mjs:42

Finding: Environment variable access combined with network send.