ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

search1

v1.0.0

Web search via Tavily API (alternative to Brave). Use when the user asks to search the web / look up sources / find links and Brave web_search is unavailable...

0· 182·0 current·0 all-time
by@popxool868-abcd·duplicate of @gyzx/openclaw-tavily-search-0-1-0

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for popxool868-abcd/openclaw-tavily-search-pb.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "search1" (popxool868-abcd/openclaw-tavily-search-pb) from ClawHub.
Skill page: https://clawhub.ai/popxool868-abcd/openclaw-tavily-search-pb
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-tavily-search-pb

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-tavily-search-pb
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (web search via Tavily) matches the bundled script's behavior (POSTs queries to https://api.tavily.com/search). However the registry metadata claims no required environment variables or primary credential, while both SKILL.md and scripts/tavily_search.py require TAVILY_API_KEY. Additionally _meta.json ownerId/slug/version differ from the provided registry metadata — metadata inconsistencies reduce trust.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python script and to provide an API key via TAVILY_API_KEY or ~/.openclaw/.env. The script only reads that key, sends search queries to the Tavily API, and returns results in several formats; it does not attempt to read other system files or call unrelated endpoints.
Install Mechanism
There is no install spec (instruction-only with a bundled script). Nothing is downloaded or written to disk by an installer step, which is low risk. The script itself will run when invoked.
!
Credentials
The skill legitimately needs an API key for Tavily, but the registry metadata does not declare this requirement. The script will read ~/.openclaw/.env if present (it parses the file for TAVILY_API_KEY). That file can contain other secrets, so users should confirm only the intended key is stored there and that the key is trusted for external queries to Tavily.
Persistence & Privilege
The skill is not always-included and does not request elevated/persistent privileges. It does not modify other skills or system-wide configuration.
What to consider before installing
This skill appears to be what it says (a Tavily-backed web search) but there are two red flags you should address before installing: (1) SKILL.md and the script require TAVILY_API_KEY, yet the registry metadata lists no required credentials — verify where and how you will store the key and that the registry listing is accurate; (2) the package metadata (ownerId, slug, version) inside the bundle differs from the published metadata — confirm the publisher's identity/version. Also verify you trust api.tavily.com (the script will send your queries and the API key there). If unsure, inspect/run the script in a sandbox, supply a limited or test key, or ask the publisher to correct the metadata before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a3amnx05p2xmpyyzzwpxsax837jqf
182downloads
0stars
1versions
Updated 19m ago
v1.0.0
MIT-0
@popxool868-abcd
latest
Download

Tavily Search

Use the bundled script to search the web with Tavily.

Requirements

  • Provide API key via either:
    • environment variable: TAVILY_API_KEY, or
    • ~/.openclaw/.env line: TAVILY_API_KEY=...

Commands

Run from the OpenClaw workspace:

# raw JSON (default)
python3 {baseDir}/scripts/tavily_search.py --query "..." --max-results 5

# include short answer (if available)
python3 {baseDir}/scripts/tavily_search.py --query "..." --max-results 5 --include-answer

# stable schema (closer to web_search): {query, results:[{title,url,snippet}], answer?}
python3 {baseDir}/scripts/tavily_search.py --query "..." --max-results 5 --format brave

# human-readable Markdown list
python3 {baseDir}/scripts/tavily_search.py --query "..." --max-results 5 --format md

Output

raw (default)

  • JSON: query, optional answer, results: [{title,url,content}]

brave

  • JSON: query, optional answer, results: [{title,url,snippet}]

md

  • A compact Markdown list with title/url/snippet.

Notes

  • Keep max-results small by default (3–5) to reduce token/reading load.
  • Prefer returning URLs + snippets; fetch full pages only when needed.

Comments

Loading comments...