Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tavily Research

v1.0.0

Conduct comprehensive AI-powered research with citations via the Tavily CLI. Use this skill when the user wants deep research, a detailed report, a compariso...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for abigale-cyber/content-system-tavily-research.

Install the skill "Tavily Research" (abigale-cyber/content-system-tavily-research) from ClawHub.
Skill page: https://clawhub.ai/abigale-cyber/content-system-tavily-research
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install content-system-tavily-research

ClawHub CLI


npx clawhub@latest install content-system-tavily-research

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
Name and description claim deep research via the Tavily CLI; the SKILL.md consistently instructs using `tvly research` commands. Requiring the Tavily CLI is coherent with the stated purpose.
! Instruction Scope
The instructions explicitly tell the agent to run `curl -fsSL https://cli.tavily.com/install.sh | bash` and `tvly login`. That requires executing arbitrary remote code and performing an interactive login flow; the skill does not declare any credentials or explain what `tvly login` does or which endpoints receive credentials. The SKILL.md also enforces using this specific tool ('Do not skip this step'), reducing fallback options.
! Install Mechanism
There is no formal install spec in metadata; instead the runtime docs recommend piping a script from cli.tavily.com into bash. Fetch-and-execute from an external URL is a high-risk install pattern because it runs arbitrary code with the agent's environment and writes binaries to disk; the domain is not a well-known release host referenced in the metadata and no checksums or verification steps are provided.
! Credentials
Metadata declares no required credentials, yet the instructions require `tvly login` (an authentication step). The lack of declared primaryEnv or required env vars is a mismatch — users will need to provide credentials at runtime, and it's unclear how those credentials are handled, stored, or transmitted. The skill does not request unrelated secrets, but it fails to document the authentication surface.
! Persistence & Privilege
Although the skill itself is not marked 'always' and is user-invocable, the recommended install step will install a persistent CLI on the host (via an external script) without an install spec or reviewable package source in the skill metadata. That persistent install increases blast radius if the fetched script is malicious or compromised.
What to consider before installing
This skill appears to do what it claims (deep research), but it asks the agent to fetch and run a remote install script and to run an interactive login that isn't declared in the metadata. Running curl | bash from an external domain can execute arbitrary code on your system and is the main risk here. Before installing: (1) review the contents of https://cli.tavily.com/install.sh yourself (do not pipe blindly), (2) prefer install sources with verifiable releases/checksums (GitHub releases, package managers), (3) confirm what `tvly login` does and where credentials are sent/stored, and (4) only proceed if you trust the Tavily project and domain. If you want lower risk, ask for a version of the skill that uses an audited package or that documents authentication and provides checksummed releases instead of a curl|bash installer.
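
One way to act on points (1) and (2) above, as an added example that is not part of the skill or the scan report: download the installer to a file, list the lines worth reading first, and execute it only if its SHA-256 matches a digest you recorded after reviewing it. The function names and the pinned-digest argument are assumptions; the page publishes no checksum.

```shell
#!/usr/bin/env bash
# Added example: fetch-then-verify gate in place of `curl ... | bash`.
# The pinned digest is supplied by the operator after a manual review;
# no published checksum exists on the page.

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 only when the file's digest equals the pinned value.
# 2 = file unreadable, 3 = pin is not 64 lowercase hex characters.
verify_installer() {
  local file="$1" pinned="$2" actual
  [ -f "$file" ] || return 2
  case "$pinned" in
    ""|*[!0-9a-f]*) return 3 ;;
  esac
  [ "${#pinned}" -eq 64 ] || return 3
  actual="$(sha256_of "$file")" || return 2
  [ "$actual" = "$pinned" ]
}

# Prints numbered lines that fetch more code, escalate privileges, or touch
# shell startup files and SSH material, as a starting point for reading.
review_hints() {
  grep -nE 'curl|wget|eval|base64|sudo|\.ssh|\.bashrc|\.zshrc|\.profile|crontab' "$1" || true
}

install_tvly_reviewed() {
  local url="https://cli.tavily.com/install.sh" pinned="$1" tmp rc
  tmp="$(mktemp)" || return 1
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
  echo "Saved to $tmp (sha256: $(sha256_of "$tmp"))"
  review_hints "$tmp"
  if verify_installer "$tmp" "$pinned"; then
    bash "$tmp"; rc=$?
  else
    echo "Digest does not match the pinned value; not executing $tmp." >&2
    rc=1
  fi
  return "$rc"
}
```

On a mismatch the downloaded file is left in place so it can be diffed against the copy that was originally reviewed.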

Like a lobster shell, security has layers — review code before you run it.

latest vk97c9a9cyv35k5kqt8eczspc0n84fbg7
117 downloads
0 stars
1 versions
Updated 2w ago
v1.0.0
MIT-0

tavily research

AI-powered deep research that gathers sources, analyzes them, and produces a cited report. Takes 30-120 seconds.

Before running any command

If tvly is not found on PATH, install it first:

curl -fsSL https://cli.tavily.com/install.sh | bash && tvly login

Do not skip this step or fall back to other tools.

See tavily-cli for alternative install methods and auth options.

When to use

  • You need comprehensive, multi-source analysis
  • The user wants a comparison, market report, or literature review
  • Quick searches aren't enough — you need synthesis with citations
  • Step 5 in the workflow: search → extract → map → crawl → research

Quick start

# Basic research (waits for completion)
tvly research "competitive landscape of AI code assistants"

# Pro model for comprehensive analysis
tvly research "electric vehicle market analysis" --model pro

# Stream results in real-time
tvly research "AI agent frameworks comparison" --stream

# Save report to file
tvly research "fintech trends 2025" --model pro -o fintech-report.md

# JSON output for agents
tvly research "quantum computing breakthroughs" --json

Options

Option             Description
--model            mini, pro, or auto (default)
--stream           Stream results in real-time
--no-wait          Return request_id immediately (async)
--output-schema    Path to JSON schema for structured output
--citation-format  numbered, mla, apa, chicago
--poll-interval    Seconds between checks (default: 10)
--timeout          Max wait seconds (default: 600)
-o, --output       Save output to file
--json             Structured JSON output

Model selection

Model  Use for                             Speed
mini   Single-topic, targeted research     ~30s
pro    Comprehensive multi-angle analysis  ~60-120s
auto   API chooses based on complexity     Varies

Rule of thumb: "What does X do?" → mini. "X vs Y vs Z" or "best way to..." → pro.

Async workflow

For long-running research, you can start and poll separately:

# Start without waiting
tvly research "topic" --no-wait --json    # returns request_id

# Check status
tvly research status <request_id> --json

# Wait for completion
tvly research poll <request_id> --json -o result.json

Tips

  • Research takes 30-120 seconds — use --stream to see progress in real-time.
  • Use --model pro for complex comparisons or multi-faceted topics.
  • Use --output-schema to get structured JSON output matching a custom schema.
  • For quick facts, use tvly search instead — research is for deep synthesis.
  • Read from stdin: echo "query" | tvly research - --json

See also
