Tavily AI搜索
ReviewAudited by ClawScan on May 14, 2026.
Overview
The skill is a coherent Tavily search wrapper, but it ships with a Tavily API key despite declaring no credential requirement, creating account and privacy ambiguity.
Review carefully before installing. The search functionality itself matches the description, but you should replace or remove the bundled Tavily API key and use your own key if you trust the provider and are comfortable sending search queries to Tavily.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches may run under a bundled or shared developer credential, making query attribution, quota use, billing, and account visibility unclear.
The distributed package contains a Tavily API key in config.json even though the registry metadata says no primary credential is required and the documentation describes configuring the user's own key.
"api_key": "tvly-dev-2mwL9s-..."
Remove the bundled key, declare Tavily credentials in metadata, and require each user to configure their own key through a documented secure path.
Anything included in a search query is transmitted to Tavily for processing.
The helper sends the search request to Tavily's external API, which is expected for a Tavily search integration.
API_URL = "https://api.tavily.com/search" ... requests.post(API_URL, json=body, timeout=30)
Avoid including secrets or highly private information in search queries unless you are comfortable sending them to Tavily.
Users have less publisher and dependency context when deciding whether to trust the helper code.
The skill has limited provenance metadata and no install specification, although the included code is small and directly visible.
Source: unknown; Homepage: none; Install specifications: No install spec
Publish a source or homepage link and document runtime dependencies such as Python requests.