Skill v1.0.0
ClawScan security
Tavily Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 10:26 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and required credential (TAVILY_API_KEY) are consistent with a Tavily web-search integration and do not request unrelated secrets or install arbitrary code.
- Guidance
- This skill appears coherent: it needs Node and a Tavily API key and simply calls tavily.com endpoints. Before installing, verify the TAVILY_API_KEY you provide is intended for this use and comes from a trusted Tavily account. Note the small metadata mismatch (owner ID) in the package—this may be a packaging/metadata bug; if provenance matters to you, confirm the publisher. Also be aware openclaw-wrapper.js will call the search script with fixed flags (news, 5 results) if you run that wrapper; use scripts/search.mjs directly if you want other options. If you have concerns, run the scripts in a sandboxed environment or inspect network traffic to confirm they only contact api.tavily.com.
Review Dimensions
- Purpose & Capability
- ok
- Name/description, required binary (node), required env var (TAVILY_API_KEY), and the code's network calls (https://api.tavily.com/search and /extract) all align with a web-search integration. Minor provenance inconsistency: registry metadata ownerId differs from _meta.json ownerId (possible packaging/metadata error) but this does not change functional alignment.
- Instruction Scope
- ok
- SKILL.md instructs running the included Node scripts; the scripts only read the declared TAVILY_API_KEY and provided CLI args and call Tavily endpoints. They do not read unrelated files, system credentials, or send data to other hosts. Note: openclaw-wrapper.js uses child_process.execSync to invoke search.mjs with fixed flags (forces --topic news and -n 5) which differs from the flexible invocation shown in SKILL.md; this is a behavioral inconsistency (not a secret-access issue).
- Install Mechanism
- ok
- No install spec; this is an instruction-and-script bundle that requires node at runtime. No downloads or archive extraction occur, so install risk is low.
- Credentials
- ok
- Only TAVILY_API_KEY is required and declared as the primary credential. The code uses that key only to call Tavily's API endpoints; no other secrets or environment variables are accessed.
- Persistence & Privilege
- ok
- Skill does not request always:true, does not modify other skills, and does not write persistent configuration. It runs on-demand and has no elevated persistence or cross-skill access.
