Tavily Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tavily web search skill that sends user-directed search and crawl requests to Tavily using a Tavily API key.

Install this only if you want Tavily to handle web search and research for the agent. Treat the Tavily API key as a secret, prefer environment variables or a secret manager, and avoid sending confidential queries, private URLs, internal endpoints, or personal data unless you are authorized to share them with Tavily.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill encourages sending arbitrary search queries, URLs, and site targets to Tavily for search, extraction, crawling, mapping, and research, but it does not warn that this data is transmitted to an external third-party service. This creates a real privacy and data-handling risk because users or downstream agents may submit sensitive URLs, internal endpoints, proprietary documents, or confidential research topics without understanding they leave the local environment.

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The setup section shows placing the Tavily API key directly in plugin configuration but does not warn that the key is sensitive or recommend secure storage practices. This can lead users to hardcode credentials in config files that may be committed to source control, logged, or shared, increasing the chance of credential exposure and unauthorized API usage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal