Skill v1.0.0
ClawScan security
123 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 24, 2026, 2:06 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code and runtime instructions match a Tavily web-search integration and only need a Tavily API key and node, but metadata mismatches (odd name/slug/owner) and the fact that queries/URLs are sent to an external API warrant caution before installing.
- Guidance: This skill's behavior (node scripts that POST queries/URLs to Tavily) is consistent with its description, but there are red flags in the metadata (odd name '123', bizarre registry slug, ownerId mismatch vs. _meta.json). Before installing: 1) Verify the publisher and that this is an official Tavily integration (check tavily.com and contact the vendor if needed). 2) Do not pass any sensitive queries, secrets, or private URLs to the skill; everything you send is transmitted to an external API. 3) Use a restricted, rotatable TAVILY_API_KEY with least privilege and monitor its use. 4) If you need stronger assurance, request a trusted release (official package or GitHub release) or ask the publisher to correct the metadata inconsistencies. If you cannot verify the publisher, consider the risk of exposing queries and the API key and treat the package as untrusted.
Review Dimensions
- Purpose & Capability [note]: The skill's declared purpose (Tavily AI-optimized web search) matches the required binary (node), the required env var (TAVILY_API_KEY), and the two included scripts, which call Tavily's search and extract endpoints. However, the registry metadata is inconsistent: the top-level skill name is '123', the registry slug is an extremely long garbage string, and _meta.json lists a different ownerId and a sensible slug ('tavily-search'). These inconsistencies could indicate packaging/metadata tampering or republishing under a different registry entry.
- Instruction Scope [ok]: SKILL.md instructs running the included node scripts with reasonable CLI flags; the scripts only read TAVILY_API_KEY and the provided CLI args, then POST to https://api.tavily.com/search or /extract and print the results. The instructions do not read other env vars or local files. Note: any query text or URLs you pass will be transmitted to an external service (Tavily), so do not send sensitive data.
- Install Mechanism [ok]: There is no install spec (instruction-only, with two small node scripts). Nothing is downloaded or extracted by an installer, and the scripts are lightweight and readable.
- Credentials [ok]: Only a single credential (TAVILY_API_KEY) is required, and it is used directly to authenticate requests to Tavily. That is proportionate to a search/extract integration. Ensure the key has minimal scope and is not shared elsewhere.
- Persistence & Privilege [ok]: The 'always' field is false and the skill does not request persistent or privileged system presence. Autonomous invocation (disable-model-invocation set to false) is the platform default; combined with an external API key this increases the blast radius, but it is expected for an external-search skill.
