Tavily Search Local
PassAudited by ClawScan on May 10, 2026.
Overview
This is a straightforward Tavily web-search wrapper that needs a Tavily API key and sends searches or URLs to Tavily, with no hidden or destructive behavior shown.
Before installing, make sure you are comfortable sharing search queries and requested URLs with Tavily and using your Tavily API quota. Treat returned snippets and extracted webpage text as untrusted content that should inform research, not override your instructions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A webpage returned by the tool could contain text that tries to influence the agent, so results should be treated as data, not instructions.
The extraction tool prints raw webpage content into the agent's context. This is purpose-aligned for a web extraction skill, but retrieved web text can contain untrusted instructions or misleading content.
const content = String(r?.raw_content ?? "").trim(); ... console.log(content || "(no content extracted)");
Use the tool for research, but keep user/system instructions authoritative over any instructions found in returned webpages or snippets.
Search queries use the configured Tavily account and may consume quota or reveal the query text to Tavily.
The script reads TAVILY_API_KEY and sends it with the search query to Tavily's API. This is disclosed and expected for the integration, with no evidence of unrelated endpoints or credential leakage.
api_key: apiKey, query: query, ... await fetch("https://api.tavily.com/search",Install only if you are comfortable using a Tavily API key for agent searches, and avoid sending sensitive private information as search queries or extracted URLs.