tavily-search

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/tavily_search.py accesses the sensitive file path ~/.openclaw/.env to retrieve the TAVILY_API_KEY. While this is a documented configuration mechanism for the skill, reading from credential stores is a sensitive operation. The extracted key is then transmitted via a POST request to the Tavily API (api.tavily.com), which is a well-known service.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external web searches.
      • Ingestion points: Search results, including snippets and content, from scripts/tavily_search.py are returned directly to the agent's context.
      • Boundary markers: The output format does not include explicit delimiters or 'ignore' instructions to prevent the agent from obeying commands embedded in the search results.
      • Capability inventory: The agent possesses the capability to execute shell commands and perform network operations based on its instructions.
      • Sanitization: No validation or sanitization of the retrieved web content is performed before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 10:02 AM