Tavily Web Search

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: moochmaniac-tavily-search
Version: 1.0.0

The skill is a standard implementation of a Tavily Search API wrapper for AI agents. It correctly handles API key retrieval from local secret files or environment variables and communicates only with the official Tavily endpoint (api.tavily.com). While the script in `scripts/search.py` contains a minor logic bug (a TypeError that occurs if no secret file is found, preventing the environment variable fallback), there is no evidence of malicious intent, data exfiltration, or prompt injection. The tool's behavior is entirely consistent with its stated purpose of providing real-time web search capabilities.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use your Tavily API key, which may incur Tavily usage and associate searches with your Tavily account.

Why it was flagged

This shows the skill reads and uses a local Tavily credential. That is expected for a Tavily integration, but users should notice it because the registry metadata lists no primary credential or required env var.

Skill content

The script looks for the Tavily API key in: 1. `workspace/secrets/tavily_api_key` ... 3. `TAVILY_API_KEY` environment variable

Recommendation

Use a dedicated Tavily key, store it only in the intended secret path or environment variable, and rotate or revoke it if you no longer use the skill.

What this means

Search queries, including any sensitive terms you include, are sent to Tavily along with the API key needed to perform the search.

Why it was flagged

The script sends the search query and Tavily API key to Tavily's external API. This is disclosed and purpose-aligned for web search, but it is still a third-party data boundary.

Skill content

`payload = { "api_key": api_key, "query": query, ... }; requests.post("https://api.tavily.com/search", json=payload, timeout=30)`

Recommendation

Avoid putting secrets or highly sensitive private information into search queries, and review Tavily's data handling and billing expectations before use.