Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tavily-Ai-Search-v2

v2.0.0

AI-optimized web search using Tavily Search API. Use when you need comprehensive web research, current events lookup, domain-specific search, or AI-generated...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The SKILL.md describes a Tavily Search integration that requires an API key and configuration (Clawdbot config or TAVILY_API_KEY). However, the skill metadata declares no primary credential, no required environment variables, and no required config paths. The docs also reference runnable scripts (scripts/tavily_search.py), but no code files are present. The declared metadata does not match the functionality described.
Instruction Scope (flagged)
The runtime instructions explicitly tell the agent/user to read/store credentials in a Clawdbot config and/or ~/.clawdbot/.env and to run scripts located under scripts/. The SKILL.md therefore directs access to local config and env files that are not declared in the manifest. The instructions are prescriptive about where secrets live and reference reading local files, creating a scope mismatch.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes on-disk installation risk, but also makes the skill's operational behavior ambiguous (it describes scripts that are not present).
Credentials (flagged)
The documentation requires a Tavily API key (tvly-...) and suggests storing it in Clawdbot config or TAVILY_API_KEY in ~/.clawdbot/.env, but the skill metadata lists no required env vars or credentials. Requiring an API key is reasonable for a search integration, but failing to declare it in the manifest is a proportionality/information problem that prevents safe review and least-privilege controls.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. There is no evidence it attempts to modify other skills or system-wide settings. Autonomous invocation defaults are unchanged (normal).
What to consider before installing
This skill's documentation expects a Tavily API key and access to your Clawdbot config or ~/.clawdbot/.env, but the registry metadata does not declare any required credentials or config paths and there are no code files (the mentioned scripts are missing). Before installing or enabling:
1) Ask the publisher for the skill source code or a canonical homepage and confirm who runs tavily.com.
2) Require the manifest to explicitly list the TAVILY_API_KEY (or Clawdbot config path) so you can audit and apply least privilege.
3) If you must provide an API key, create a dedicated key with minimal scope/quotas and rotate it if the skill is removed.
4) Do not place high-privilege credentials in global shell profiles; prefer scoped keys in a separate secrets store.
5) Ask why runnable scripts are referenced but not included — if the agent is expected to call the Tavily API directly, request an explicit instruction template showing only necessary environment accesses.
If the publisher cannot clarify these inconsistencies, treat the skill as untrusted.
