Tavily Search 1

Security checks across malware telemetry and agentic risk

Overview

This Tavily search skill is purpose-aligned and disclosed; its main risk is that search queries and URLs are sent to Tavily.

Install only if you are comfortable sending search terms and requested URLs to Tavily using your Tavily API key. Avoid asking it to extract private, internal, secret-bearing, or access-token URLs unless that disclosure to Tavily is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The skill metadata says it provides web search, but this script sends arbitrary user-supplied URLs to Tavily's extract endpoint to retrieve raw page content. That hidden capability expands the trust boundary and can expose sensitive internal or private URLs to a third party, making the skill more dangerous than its stated purpose suggests.

Context-Inappropriate Capability

Medium

Confidence: 86% confidence
Finding: The script accepts arbitrary URLs from the command line and forwards them for remote content extraction, which is broader than a normal search function. In an agent setting, this can be abused to fetch and exfiltrate content from attacker-chosen URLs, including internal resources if other components supply such URLs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal