Skill v1.0.0

ClawScan security

search1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 19, 2026, 8:22 AM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary: The skill's code and SKILL.md expect a TAVILY_API_KEY and read ~/.openclaw/.env, but the registry metadata does not declare any required credentials and some metadata fields disagree — these inconsistencies merit caution before installing.

Guidance: This skill appears to be what it says (a Tavily-backed web search) but there are two red flags you should address before installing: (1) SKILL.md and the script require TAVILY_API_KEY, yet the registry metadata lists no required credentials — verify where and how you will store the key and that the registry listing is accurate; (2) the package metadata (ownerId, slug, version) inside the bundle differs from the published metadata — confirm the publisher's identity/version. Also verify you trust api.tavily.com (the script will send your queries and the API key there). If unsure, inspect/run the script in a sandbox, supply a limited or test key, or ask the publisher to correct the metadata before enabling the skill.

Review Dimensions

Purpose & Capability (concern)
The skill's stated purpose (web search via Tavily) matches the bundled script's behavior (POSTs queries to https://api.tavily.com/search). However, the registry metadata claims no required environment variables or primary credential, while both SKILL.md and scripts/tavily_search.py require TAVILY_API_KEY. Additionally, _meta.json ownerId/slug/version differ from the provided registry metadata; metadata inconsistencies reduce trust.

Instruction Scope (ok)
SKILL.md instructs the agent to run the bundled Python script and to provide an API key via TAVILY_API_KEY or ~/.openclaw/.env. The script only reads that key, sends search queries to the Tavily API, and returns results in several formats; it does not attempt to read other system files or call unrelated endpoints.

Install Mechanism (ok)
There is no install spec (instruction-only with a bundled script). Nothing is downloaded or written to disk by an installer step, which is low risk. The script itself will run when invoked.

Credentials (concern)
The skill legitimately needs an API key for Tavily, but the registry metadata does not declare this requirement. The script will read ~/.openclaw/.env if present (it parses the file for TAVILY_API_KEY). That file can contain other secrets, so users should confirm only the intended key is stored there and that the key is trusted for external queries to Tavily.

Persistence & Privilege (ok)
The skill is not always-included and does not request elevated/persistent privileges. It does not modify other skills or system-wide configuration.