tavily-search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Tavily web-search skill: it uses a Tavily API key and sends user-directed searches or URLs to Tavily. No hidden persistence or destructive behavior was found.

Install this only if you intend to use Tavily as an external search provider. Use a dedicated Tavily API key, avoid sending secrets, private prompts, regulated data, or internal-only URLs as search/extraction input, and treat returned web content as untrusted information to verify rather than instructions for your agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill documents and enables capabilities that require outbound network access and reading credentials from environment/config, but it does not declare those permissions. Undeclared capabilities weaken review and sandboxing assumptions, so operators may approve or run the skill without realizing it can access secrets and make external requests.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The stated description focuses on web search, but the documented behavior also includes arbitrary URL content extraction and additional operational modes. This mismatch can cause users or automated policy systems to under-assess the skill's reach, especially because content extraction can fetch and process attacker-chosen URLs beyond what a simple search integration implies.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The invocation guidance uses a very broad natural-language trigger ("搜索 XXX 相关信息", i.e. "search for information related to XXX") that can easily overlap with ordinary conversation. In an agent environment, this increases the chance of unintended skill activation, causing unplanned external web queries, data leakage through query contents, or incorrect tool routing.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding: The documentation tells users to place an API key in environment variables or config without any guidance on secure secret handling. This increases the chance of accidental credential exposure through shell history, committed config files, logs, or overly broad environment sharing.

VirusTotal

64/64 vendors flagged this skill as clean.