tavily-key-generator-proxy
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions direct users to clone a repository from an untrusted source (https://github.com/skernelx/tavily-key-generator.git) that is not part of the trusted vendor or well-known service lists.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of downloaded code through manual invocation (`python main.py`). Additionally, it includes an integration pattern (`replenish.py`) that uses `subprocess.run` to programmatically execute the local script based on API responses from the local proxy, creating a chain for automated code execution.
- [COMMAND_EXECUTION]: The skill involves several command-line operations including `pip install`, `playwright install`, and `docker compose`, which involve installing external software, browser binaries, and running containers on the host system.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost:9874 - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata