tavily-search-free
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Installation of third-party script detected

This skill's documentation describes expected behavior (calling a third-party search API using an API key) and is internally consistent with its stated purpose. There is no explicit malicious code in the provided text. Main concerns: unpinned/unverified dependency install (tavily-python from PyPI) and forwarding user queries plus the TAVILY_API_KEY to an external service (requires trusting that service). Without the actual script implementation, TLS, logging, and any additional data flows cannot be confirmed — review the tavily_search.py and the tavily-python package before trusting or deploying. Treat as functionally expected but with medium supply-chain/privacy risk.

LLM verification: This skill's documentation and install pattern are plausible for a legitimate API integration but contain multiple supply-chain and operational risks: unpinned third-party dependency (pip install tavily-python), instructions that cause users to install packages and provide a raw API key in a local .env, unspecified network endpoints, and inconsistent/typoed examples. There is no direct evidence of embedded malware in the provided text, but the combination of unpinned installs plus credential usa