Tavily API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instructional Tavily web-research skill whose external API use and API key requirement match its stated purpose.

Install this only if you want the agent to use Tavily for web research. Configure TAVILY_API_KEY through the host environment, do not paste keys into prompts, and avoid sending secrets, confidential topics, internal URLs, private documents, or regulated data to Tavily unless your organization has approved that data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send user-supplied URLs to Tavily and retrieve page content, but it does not warn that both the URLs and the fetched content are transmitted to a third-party service. This can expose sensitive internal links, private document locations, or regulated content without informed user consent, especially if users provide non-public URLs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The recipe directs the agent to send user topics, decomposed sub-queries, and extracted URLs/content to Tavily without any explicit disclosure or consent step. This can cause unintentional transmission of sensitive user data to a third-party service, especially when the topic contains proprietary, personal, or confidential information.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The recipe explicitly instructs sending user-supplied URLs and extracted page content to Tavily, but it does not require any user consent, warning, or data-sensitivity check before making that external request. This can expose confidential internal URLs, private resources, or sensitive page contents to a third-party service, especially in enterprise or regulated environments.

External Transmission

Medium
Category
Data Exfiltration
Content
## Tavily operation to use

Use the **extract** endpoint (`POST https://api.tavily.com/extract`).
Why: extract takes a list of URLs and returns their `raw_content`. Using search here would be wrong — it would re-rank the open web instead of reading the pages the user named.

## Request shape
Confidence
88% confidence
Finding
https://api.tavily.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Request shape

```http
POST https://api.tavily.com/extract
Authorization: Bearer <TAVILY_API_KEY>
Content-Type: application/json
```
Confidence
90% confidence
Finding
https://api.tavily.com/

VirusTotal

65/65 vendors flagged this skill as clean.
