Tavily Search

v0.1.0

Web search, extraction, crawling, mapping, and deep research via Tavily API. Five tools for finding information, extracting content, exploring websites, and...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, declared env var (TAVILY_API_KEY), SKILL.md, and all scripts consistently call https://api.tavily.com endpoints for search, extract, crawl, map, and research. The required credential and network calls align with the stated purpose.
Instruction Scope
SKILL.md and scripts limit runtime behavior to sending requests to Tavily API and printing results. The scripts do not read unrelated files, environment variables, or system configuration. Note: crawling/extraction will send the provided URLs and queries to Tavily (expected for this functionality).
Install Mechanism
No install spec; scripts are instruction-only / small Node scripts that use built-in fetch. Nothing is downloaded from untrusted URLs and no archives are extracted.
Credentials
Only one environment variable is required (TAVILY_API_KEY), which is the primary credential used in all requests. No unrelated secrets, config paths, or multiple unrelated credentials are requested.
Persistence & Privilege
The skill does not request permanent/always presence (always:false), does not modify other skills or system-wide settings, and requires no special privileges beyond network access to Tavily's API.
Assessment
This skill appears coherent, but before installing: 1) Treat TAVILY_API_KEY as a secret and only provide it if you trust Tavily/app.tavily.com. 2) Remember that extract/crawl/map will transmit the URLs and any page content to Tavily — do not send private/internal URLs (localhost, intranet) or sensitive documents. 3) Verify the Tavily service terms, rate limits, and data-retention policy if you will send copyrighted or confidential content. 4) If you want to limit autonomous agent use, keep the skill disabled by default and invoke it only when needed.
scripts/crawl.mjs:41
Environment variable access combined with network send.
scripts/extract.mjs:36
Environment variable access combined with network send.
scripts/map.mjs:37
Environment variable access combined with network send.
scripts/research.mjs:29
Environment variable access combined with network send.
scripts/search.mjs:36
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk977azdsgzzzy108bk3cgvj5rd8361t7


Runtime requirements

🔍 Clawdis
Env: TAVILY_API_KEY
Primary env: TAVILY_API_KEY
