ClawHub

Cliby Tavily Search

v1.0.1

use this when the user asks to search the web, look up recent information, check current events, gather online sources, or research a topic using tavily search.

0· 107·3 current·3 all-time
byDavid Liu@liuxindavid·fork of @goktugcy/tavily-web-search-for-openclaw (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, README, and the included script all implement a simple Tavily web search client that submits queries to https://api.tavily.com/search. The requested inputs (API key via CLI/env/secret file) and functionality (search, news, images, JSON output) are coherent with the declared purpose.
Instruction Scope
Runtime instructions are narrow: run the provided Python script with a query. The script only reads the API key from the CLI flag, TAVILY_API_KEY, or ../.secrets/tavily.key and posts search payloads to the Tavily API, then prints results. It does not read other system files, scan for unrelated credentials, or contact external endpoints other than the single Tavily API URL.
Install Mechanism
This is an instruction-only skill with a small bundled script and no install spec or third-party downloads. No packages are installed and nothing is written to disk by an installer—low installation risk.
Credentials
The script legitimately needs a Tavily API key and supports CLI/env/secret-file methods. However, the registry metadata lists no required env vars while SKILL.md and the script explicitly reference TAVILY_API_KEY and a .secrets/tavily.key file; the metadata omission is an inconsistency (minor) and should be corrected. No other credentials or unrelated env vars are requested.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills, and does not request elevated or persistent system privileges. It only reads its own secret file path and environment variable as expected.
Assessment
This skill appears to be what it claims: a small, dependency-free Tavily search client. Before installing, confirm you are comfortable providing a Tavily API key (via --api-key, TAVILY_API_KEY, or .secrets/tavily.key). Ensure the .secrets file is created with tight permissions (chmod 600) and not committed to version control. Note the registry metadata does not list TAVILY_API_KEY even though the script uses it—this is likely an oversight but you may want the publisher to update metadata for clarity. If you have strict security requirements, verify the API endpoint (https://api.tavily.com/search) is the expected official service and consider rotating the key if you test with a production credential.

Like a lobster shell, security has layers — review code before you run it.

latestvk977r504gdxwcftgyyepnq2dfs83fyx9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments