Skill: skills/tavily-ai/skills/crawl

crawl: Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The script scripts/crawl.sh executes npx -y mcp-remote, which downloads and runs external code from the npm registry at runtime without integrity verification.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill's authentication process depends on downloading the mcp-remote package and connecting to https://mcp.tavily.com/mcp at runtime.
  • [DATA_EXFILTRATION] (MEDIUM): The script reads sensitive authentication tokens from the ~/.mcp-auth/ directory. Accessing hidden credential caches in the user's home folder is a high-risk operation, though the severity is reduced to MEDIUM as it is required for the skill's stated OAuth functionality.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it retrieves untrusted data from the web and writes it directly to local markdown files without sanitization.
      • Ingestion points: External website content fetched via curl in scripts/crawl.sh.
      • Boundary markers: None identified.
      • Capability inventory: Local file-write operations in scripts/crawl.sh.
      • Sanitization: No validation or sanitization is performed on the content of the crawled pages.
  • [COMMAND_EXECUTION] (LOW): The script uses standard shell utilities including curl, jq, sed, and mkdir to perform its tasks.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:38 PM