Tavily Search
Warn. Audited by ClawScan on May 10, 2026.
Overview
The Tavily search functionality is mostly coherent, but an included wrapper builds a shell command from the raw search query, which can let crafted queries run local commands.
Wait for the wrapper command-injection issue to be fixed before installing or invoking this skill in an agent that may pass arbitrary search text. If you still use the underlying scripts, use a dedicated Tavily API key and be aware that searches and extracted URLs are sent to Tavily.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted search query could run local commands with the user's permissions instead of only performing a Tavily search.
The wrapper takes a command-line query and interpolates it into a shell command. A query containing shell metacharacters or quotes could execute unintended local commands, and those commands would inherit the user's environment.
const query = process.argv[2] || '';
...
execSync(`node scripts/search.mjs "${query}" -n 5 --topic news`, { env: { ...process.env, TAVILY_API_KEY: process.env.TAVILY_API_KEY } })

Do not use the wrapper until it is changed to avoid the shell, for example by using execFile/spawn with an argument array or by invoking the search script directly without string interpolation.
Search queries and the Tavily API key are sent to Tavily's API when the skill runs.
The skill reads the Tavily API key from the environment and sends it to Tavily with the search request. This is expected for the stated Tavily API integration, but it is still credential use users should understand.
const apiKey = (process.env.TAVILY_API_KEY ?? "").trim();
...
body: JSON.stringify({ api_key: apiKey, query: query, ... })

Use a dedicated Tavily API key with appropriate limits, avoid sending sensitive queries or URLs unless intended, and rotate the key if it may have been exposed.
It may be harder to confirm that the published package matches the expected publisher and identity.
The bundled metadata differs from the supplied registry metadata, which lists a different owner ID and slug. This does not prove malicious behavior, but it weakens provenance clarity.
"ownerId": "kn7azq5e6sw0fbwwzdpcwvvjzd7z0x4z", "slug": "tavily-search"
Verify the publisher and package provenance before installing, especially because the included wrapper has an unsafe execution pattern.
