tavily
Audited by Socket on Mar 1, 2026
1 alert found:
Malware: This skill documentation describes a legitimate API client for Tavily search and is coherent with its stated purpose. There are no direct malicious code snippets or explicit supply-chain download-execute patterns in the provided text. The main security considerations are: (1) protect the Tavily API key (it will be sent to Tavily's servers); (2) review the tavily-python package source before installation because it will run with the privileges of the caller and handle the API key; and (3) be cautious with the --raw-content mode and command-line examples that pipe URLs into curl/xargs, since automated fetching of arbitrary URLs can be used to access or exfiltrate sensitive internal resources if the host has access to them. Overall risk is low-to-moderate, driven primarily by transitive trust in the tavily-python dependency and the raw HTML / follow-up-fetch examples.