tavily-2
Audited by Socket on Mar 1, 2026
1 alert found:
Malware
This skill documentation describes a legitimate-looking integration with the Tavily search API. The requested credential (TAVILY_API_KEY) and network access to tavily.com are appropriate for the stated purpose. Primary risks are standard supply-chain and network exposure from installing the 'tavily-python' package and sending queries/API key to an external service. Examples that pipe or follow URLs (curl/xargs) are user-driven patterns that can cause additional network calls and should be used with caution. No obfuscated code, hardcoded secrets, download-and-execute instructions, credential harvesting, or third-party intermediary routing are present in the provided document. To finalize trust decisions, review the actual scripts (scripts/tavily_search.py) and the tavily-python package source before use.