Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tavily Research

v1.0.0

Comprehensive research grounded in web data with explicit citations. Use when you need multi-source synthesis—comparisons, current events, market analysis, d...

1· 529·2 current·2 all-time
byLiang@matthew77
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (web research with citations) align with required items: Node runtime and a single TAVILY_API_KEY. The script sends queries to api.tavily.com and returns results, which is consistent with the stated functionality.
Instruction Scope
SKILL.md and the included script limit actions to: reading TAVILY_API_KEY, POSTing a JSON query to https://api.tavily.com/search, formatting the returned JSON into a report, and optionally writing the report to a file. There are no instructions to read other environment variables, scan local files, or transmit data to third-party endpoints.
Install Mechanism
No install spec is provided (instruction-only plus an included script). The only runtime requirement is the node binary, which is reasonable for a JS script. Nothing is downloaded from untrusted URLs or written to unusual locations.
Credentials
Only one credential is required (TAVILY_API_KEY) and it is the primary credential. That matches the need to authenticate to Tavily's API; there are no unrelated secrets or broad environment access requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It does not store credentials itself; it expects the user to provide the API key via env or config.
Assessment
This skill appears to do exactly what it says: it sends your query to Tavily's API and formats the response. Before installing, confirm you trust tavily.com and are comfortable providing your Tavily API key to the agent (the key is used to authenticate requests to api.tavily.com). If you have sensitive queries, avoid using --output to save them to disk in shared locations. If you need stricter controls, consider creating a limited-scope API key (if Tavily supports that) or reviewing network policies so the skill can only contact api.tavily.com.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📊 Clawdis
Binsnode
EnvTAVILY_API_KEY
Primary envTAVILY_API_KEY
latestvk97052yxjy6w7sk3kpafana2ys8259w3
529downloads
1stars
1versions
Updated 5h ago
v1.0.0
MIT-0

Tavily Research

Conduct comprehensive research on any topic with automatic source gathering, analysis, and response generation with citations.

Authentication

Get your API key at https://tavily.com and add to your OpenClaw config:

{
  "skills": {
    "entries": {
      "tavily-research": {
        "enabled": true,
        "apiKey": "tvly-YOUR_API_KEY_HERE"
      }
    }
  }
}

Or set the environment variable:

export TAVILY_API_KEY="tvly-YOUR_API_KEY_HERE"

Quick Start

Using the Script

node {baseDir}/scripts/research.mjs "query"
node {baseDir}/scripts/research.mjs "query" --pro
node {baseDir}/scripts/research.mjs "query" --output report.md

Examples

# Quick overview
node {baseDir}/scripts/research.mjs "What is retrieval augmented generation?"

# Comprehensive analysis
node {baseDir}/scripts/research.mjs "LangGraph vs CrewAI for multi-agent systems" --pro

# Market research with output file
node {baseDir}/scripts/research.mjs "Fintech startup landscape 2025" --pro --output fintech-report.md

# Technical comparison
node {baseDir}/scripts/research.mjs "React vs Vue vs Svelte" --pro

Options

OptionDescriptionDefault
--model <model>Model: mini, pro, automini
--output <file>Save report to file-
--jsonOutput raw JSONfalse

Model Selection

Rule of thumb: "what does X do?" → mini. "X vs Y vs Z" or "best way to..." → pro.

ModelUse CaseSpeed
miniSingle topic, targeted research~30s
proComprehensive multi-angle analysis~60-120s
autoAPI chooses based on complexityVaries

Output Format

The research includes:

  • AI-generated answer: Comprehensive synthesis
  • Sources: Citations with titles, URLs, and relevance scores
  • Metadata: Query, response time, and statistics

Tips

  • Research can take 30-120 seconds depending on complexity
  • Use --pro for comparisons, market analysis, or detailed reports
  • Use --output to save reports for later reference
  • The auto model lets Tavily choose based on query complexity

Comments

Loading comments...