tavily-web
Warn
Audited by Socket on Mar 10, 2026
1 alert found:
Security (MEDIUM): SKILL.md
The skill's stated purpose (web search, extraction, crawling via Tavily) is coherent with its described capabilities. However, there is a notable security risk due to the use of an unverifiable installation source (npx BenedictKing/tavily-web), which triggers supply-chain concerns and warrants at least a high risk rating. Credential handling via environment variables is standard practice but requires careful handling to avoid leakage. Overall, the footprint is suspicious rather than clearly malicious, with a recommended stance toward upgrading to an officially verifiable distribution mechanism or including rigorous code provenance checks before use.
Confidence: 65%
Severity: 75%