ClawHub

My Liang Tavily Search

v1.0.0

Web search using Tavily's LLM-optimized API. Returns relevant results with content snippets, scores, and metadata.

0· 191·1 current·1 all-time
by@ohmaxy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request Node and a TAVILY_API_KEY and the code performs a POST to https://api.tavily.com/search — these requirements align with a web-search skill that uses Tavily's API.
Instruction Scope
SKILL.md and scripts/search.mjs confine actions to building a search request and calling the Tavily API. The runtime does not read local files, other environment variables, or unrelated system configuration, and it only sends the query and declared options to Tavily.
Install Mechanism
There is no install spec (instruction-only with an included Node script). Nothing is downloaded or written to disk by an installer; the script is run directly with node.
Credentials
Only TAVILY_API_KEY is required and used as the Bearer token for the Tavily API. No additional secrets or unrelated credentials are requested.
Persistence & Privilege
The skill is not configured always:true and does not request system-wide persistence or modification of other skills. Autonomous invocation is allowed by platform default but not elevated by this skill.
Assessment
This skill appears to do what it claims — it needs Node and your Tavily API key and calls Tavily's official API. Before installing: (1) verify you trust tavily.com and are comfortable sending search queries (and optionally page content) to that service; using --raw-content or similar options may cause more content to be included in API requests, so avoid passing sensitive data; (2) confirm the node runtime on your agent supports global fetch (Node 18+), or run with an appropriate environment; (3) note a minor metadata mismatch (ownerId/version) between the registry listing and _meta.json — if provenance is important, ask the publisher for clarification or inspect the skill source yourself; (4) because the skill can be invoked by the agent, consider limiting when it may run automatically if you have strict data-handling policies.
scripts/search.mjs:81
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c453qc6ccv49se1gvyp8n0h82yhq4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsnode
EnvTAVILY_API_KEY
Primary envTAVILY_API_KEY

Comments