
Security audit

One-Click Web Search Setup · Tavily One-Step

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tavily web-search skill whose external API use and API-key handling match its stated purpose, though users should treat searches, URLs, and crawls as data sent to Tavily.

Install only if you trust Tavily and the GitHub source you use. Do not send secrets, private prompts, internal URLs, or sensitive sites through search, extract, crawl, or map unless you intend Tavily to receive them. Store the API key locally, avoid committing .env files, and review the optional memory preference before making Tavily the default fallback for web lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented as a web search tool, but it also exposes extract, crawl, and map operations that can gather substantially more data from user-supplied targets than a normal search interface implies. This capability mismatch increases the risk of over-collection, accidental misuse, and unauthorized enumeration because users or higher-level agents may invoke broader site analysis functions without realizing the scope.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
Site crawling and mapping go beyond ordinary search and can enumerate site structure, follow many links, and collect larger amounts of content from a target domain. In the context of a skill advertised as simple web search, that hidden breadth makes the functionality more dangerous because it can be used for reconnaissance or bulk collection without clear operator awareness.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explicitly promotes web search, extraction, crawling, and mapping against external sites but does not warn users that their prompts, queries, and submitted URLs will be sent to Tavily and possibly trigger requests to third-party websites. In an agent setting, this can lead to unintentional disclosure of sensitive user data or internal targets, especially if users assume the tool operates locally or do not realize external network transmission occurs.

Missing User Warnings

Medium
Confidence: 88%
Finding
The setup instructions tell users to place `TAVILY_API_KEY` in environment variables or `~/.openclaw/.env` but omit basic credential-safety guidance such as file permission hardening, avoiding commits, and secret rotation. This increases the chance of accidental exposure through source control, shared home directories, logs, backups, or overly permissive local files.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script sends user-provided queries, URLs, crawl instructions, and extracted content parameters to Tavily's external API, but the script itself provides no disclosure that this data leaves the local environment. This creates a privacy and data-handling risk because sensitive prompts, internal URLs, or proprietary targets may be transmitted off-host unexpectedly.

VirusTotal

62/62 vendors flagged this skill as clean.
