ClawHub

Tavily Summary

v1.0.0

AI-optimized web search with structured summarization, combining Tavily Search API + proven summarization methodology from summarize.

1· 43·0 current·0 all-time
byLingxi(灵曦)@liuxiaolong1988
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (node), required env (TAVILY_API_KEY), and the included scripts all target Tavily's search/extract API endpoints (api.tavily.com). These requirements are proportionate to a Tavily-backed search-and-summarize tool.
Instruction Scope
SKILL.md describes running the included Node scripts and enforces summarization/formatting rules. The runtime instructions only reference the declared binary and env var; they do not instruct reading unrelated files, other credentials, or sending data to unexpected endpoints.
Install Mechanism
No install spec (instruction-only). Included code files are simple Node scripts that make fetch POSTs to the Tavily API; nothing is downloaded from untrusted URLs and no archives are extracted.
Credentials
The skill requests only TAVILY_API_KEY (primary credential) which is necessary for the described API calls. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: it uses your TAVILY_API_KEY and Node to call Tavily's search/extract APIs and prints/returns results for summarization. Before installing, confirm you trust tavily.com and are comfortable that the API key will be sent to api.tavily.com. Notes: (1) the extract script may return full raw page content (possibly including sensitive text) — avoid using a production/privileged key if you are unsure; (2) limit the key's scope or use a separate account if possible and monitor usage on Tavily for unexpected calls; (3) the skill enforces strict summarization rules in SKILL.md but those are formatting instructions, not additional permissions. If you plan to allow autonomous agents to invoke skills, remember autonomous invocation is allowed by default — consider restricting agent autonomy if you want manual control over when the skill can call external services.
scripts/extract.mjs:18
Environment variable access combined with network send.
scripts/search.mjs:42
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

aivk975e34935ndqhagse8ya95ggd840vtplatestvk975e34935ndqhagse8ya95ggd840vtpsearchvk975e34935ndqhagse8ya95ggd840vtpsummaryvk975e34935ndqhagse8ya95ggd840vtp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsnode
EnvTAVILY_API_KEY
Primary envTAVILY_API_KEY

Comments