tavily
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill implementation adheres to security best practices for AI agent extensions.
- [COMMAND_EXECUTION]: The skill uses Node.js scripts to perform its operations. These scripts are limited to argument parsing and API interaction.
- [DATA_EXFILTRATION]: The skill communicates with api.tavily.com to send search queries and retrieve web content. This is the intended behavior and targets a well-known service.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill correctly retrieves the TAVILY_API_KEY from the environment.
Audit Metadata