多搜索聚合器

What to check before installing: - The skill will send your queries (and any API keys you provide) to external services (Tavily, Brave, Perplexity). If your queries contain sensitive data, they may be transmitted to third parties. - The code expects TAVILY_API_KEY (mandatory) and optionally BRAVE_API_KEY and PERPLEXITY_API_KEY. The registry metadata incorrectly lists no required env vars — confirm that you are comfortable supplying at least a Tavily API key. - The script reads credentials from environment variables or ~/.openclaw/.env. Inspect that file and avoid storing unrelated secrets there. - Verify the API endpoints and model names if you have provider-specific concerns (billing, allowed content, or data-retention policies). - If you want stronger safety: ask the publisher to update registry metadata to declare required env vars (and primary credential), or run the script in a restricted environment that limits network access or the specific API keys used. Why this is marked suspicious: the main issue is metadata inconsistency (no declared required env vars vs. script requiring keys). This is likely a packaging/metadata oversight but should be corrected or clarified before trusting the skill with credentials. Additional information that would raise confidence to benign: an updated registry entry explicitly listing the required env vars (with primary credential), or confirmation from the author that Tavily is indeed required and how keys are used/stored.