tavily-cli
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command that fetches and executes a shell script directly from the vendor's domain at
https://cli.tavily.com/install.sh. This is documented as a standard setup procedure for the vendor's tool. - [EXTERNAL_DOWNLOADS]: The skill supports the installation of the
tavily-clipackage via standard Python package managers such aspipanduv. - [COMMAND_EXECUTION]: The skill requires permission to execute the
tvlycommand-line utility via the system shell to perform its core functions of searching and crawling. - [CREDENTIALS_UNSAFE]: The documentation provides instructions for supplying a Tavily API key using environment variables or command-line flags, utilizing placeholders like
tvly-YOUR_KEYto avoid hardcoding actual secrets.
Audit Metadata