Scavio Google
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Scavio Google search skill, with the main considerations being its required API key and sending search queries to Scavio.
This skill appears reasonable for web/news/image/map search. Install it if you are comfortable providing a Scavio API key and having search queries sent to Scavio; protect the key and avoid confidential searches.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can spend Scavio credits or make search requests under the configured account when this skill is used.
The skill requires a Scavio bearer API key to make authenticated search requests. This is expected for the service, but it gives the agent authority to use that API key.
POST https://api.scavio.dev/api/v1/google Authorization: Bearer $SCAVIO_API_KEY
Use a dedicated Scavio key if possible, keep it out of prompts and logs, and monitor credit usage.
Sensitive or private search terms could be shared with Scavio as part of normal operation.
The skill sends user search queries and filters to the external Scavio API. This is disclosed and central to the search function, but it means query contents leave the local environment.
Call the endpoint with the query and any filters.
Avoid using the skill for confidential queries unless you are comfortable with Scavio receiving those search terms and have reviewed the provider's policies.