Back to skill

Security audit

Tavily Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned Tavily web search skill, but users should treat searches as outbound third-party data sharing.

Install only if you are comfortable sending search queries, URLs, and selected options to Tavily. Do not include secrets, confidential internal documents, regulated personal data, or private URLs in searches unless that external data flow is approved; keep the Tavily API key in a proper secret store and use raw-content retrieval only when necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The top-level description uses broad activation language such as current information, research, fact-checking, and competitive analysis without clear guardrails. In agentic systems, vague triggers can cause over-invocation of the skill, unnecessarily sending user prompts or sensitive task context to an external search provider.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The "When to Use" section lists very general scenarios that could match many ordinary requests, encouraging the agent to route a wide range of tasks through web search. Because search queries are transmitted off-platform, this broad routing increases the chance of privacy leakage and unnecessary exposure of user intent or proprietary context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that it performs web search via the Tavily API but does not clearly warn that user queries and possibly derived context are sent to a third-party service. This omission can mislead users and integrators about data handling, creating privacy, compliance, and trust risks when sensitive prompts are searched externally.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The API key setup section documents secret locations and external API usage but does not include guidance on safe credential handling or third-party data exposure. While not an exploit by itself, this weakens operational security by normalizing external transmission and secret usage without warning about least privilege, storage protections, and avoiding leakage in logs or prompts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user-supplied search queries, and potentially large bodies of retrieved/raw content when enabled, to Tavily's external API without any consent notice, redaction, or policy check. In an agent setting, users may unknowingly include sensitive prompts, internal names, or proprietary text in searches, creating a real data leakage risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal