Is tavily-search safe?
https://clawhub.ai/arun-8687/tavily-search
The tavily-search skill is a lightweight wrapper around the legitimate Tavily AI search API, providing search and URL content extraction capabilities. The SKILL.md is clean with no prompt injection attempts, clone behavior was benign, and canary files were untouched. However, the audit pipeline failed to capture the actual source code of the two executable .mjs scripts, preventing full verification of their behavior. This evidence gap prevents a higher confidence rating.
Findings (5)
MEDIUM Script source code not captured in audit evidence -28
The actual contents of scripts/search.mjs and scripts/extract.mjs were not included in the all-contents.txt evidence file. Only SKILL.md, _meta.json, and origin.json were captured. Without reviewing the executable code, hidden malicious behavior cannot be definitively ruled out. This is an audit pipeline gap.
LOW Extract command accepts arbitrary URLs -12
The extract.mjs script is designed to fetch and return content from any user-provided URL. While this is the stated purpose, in a multi-skill agent environment, another skill's prompt injection could leverage this to send data to attacker-controlled endpoints by crafting URLs with encoded data in query parameters.
LOW API key exposed to external service -10
The skill requires TAVILY_API_KEY to be set as an environment variable, which is then used by the scripts to authenticate with api.tavily.com. This is expected behavior for an API wrapper, but the user's API key is sent to a third-party service with every query.
INFO Clean SKILL.md with no manipulation attempts -10
The SKILL.md is straightforward documentation listing search commands, options, and usage notes. No hidden instructions, unicode tricks, HTML comments, or persona manipulation detected.
INFO Legitimate Tavily API wrapper with standard functionality -5
Tavily is a well-known AI search API service. The skill's claimed functionality (search and URL extraction) aligns with Tavily's public API capabilities. No suspicious behavioral patterns detected.