← Back to Skills Marketplace
Tavily Extract
by
Evan Rimer
· GitHub ↗
· v1.0.0
· MIT-0
396
Downloads
1
Stars
5
Active Installs
1
Versions
Install in OpenClaw
/install tavily-extract
Description
Extract content from specific URLs using Tavily's extraction API. Returns clean markdown/text from web pages. Use when you have specific URLs and need their...
Usage Guidance
This skill generally does what it says (calls Tavily to extract pages), but it has important gaps you should consider before installing:
- It will try to read ~/.mcp-auth/*_tokens.json and extract access_token values; those files can contain other cached auth tokens — only proceed if you trust the skill and the Tavily issuer check in the script.
- The script will run `npx -y mcp-remote ...` to perform OAuth if no token is found. That downloads and executes code from npm at runtime; review the mcp-remote package (or avoid letting the script run it) if you want to reduce risk.
- The metadata didn't list runtime dependencies, but the script requires jq, curl, npx, and standard Unix tools; ensure those are present and safe.
- For minimal exposure, consider creating and providing a dedicated TAVILY_API_KEY (set the env yourself) rather than allowing the script to scan ~/.mcp-auth or auto-run npx.
If you need higher assurance, ask the skill author to: (1) declare required binaries/env in metadata, (2) avoid on-demand npx installs or document the exact npm package & version, and (3) limit or make optional any recursive scans of ~/, or at least clearly describe what files will be read.
Capability Analysis
Type: OpenClaw Skill
Name: tavily-extract
Version: 1.0.0
The skill facilitates web content extraction via the Tavily API and MCP protocol. The `extract.sh` script manages authentication by retrieving tokens from `~/.mcp-auth/` or initiating an OAuth flow using `npx mcp-remote`, with explicit checks to ensure tokens are issued by `tavily.com`. All network and file operations are directly related to the stated purpose of content extraction and authentication, and the script uses `jq` to safely handle JSON inputs.
Capability Assessment
Purpose & Capability
The name/description (use Tavily extract API) matches the script's behavior: it sends requests to Tavily endpoints and tries to obtain a Tavily token. However the registry metadata declares no required env vars or binaries while the script actually expects/uses TAVILY_API_KEY (env), ~/.mcp-auth token files, and external tools (jq, curl, npx, base64, find, sed, grep). This undocumented dependency mismatch is a design/information-quality problem.
Instruction Scope
The SKILL.md documents the OAuth flow and mentions ~/.mcp-auth and ~/.claude/settings.json. The script will recursively search the user's ~/.mcp-auth for *_tokens.json and decode tokens, and if none present it launches an OAuth helper. Reading auth token files in the home directory is functionally related to obtaining a Tavily token, but it is sensitive (may expose presence of other cached tokens) and should have been explicitly declared. The instructions also suggest adding TAVILY_API_KEY to ~/.claude/settings.json which touches agent configuration files — the script itself does not write to those files but the guidance encourages modifying them.
Install Mechanism
There is no install spec, but the runtime script calls 'npx -y mcp-remote ...' to initiate OAuth. That will fetch and execute an npm package on demand. On-demand npm installs are a non-trivial risk vector (remote code executed without an explicit install step). The script also relies on system binaries (jq, curl, base64, find, sed, grep) that are not declared in the registry metadata.
Credentials
The registry declares no required env vars, yet the script uses TAVILY_API_KEY (env) if present, and otherwise searches local token caches. Access to ~/.mcp-auth is sensitive. While these items are explainable (they are used to authenticate to Tavily), the absence of explicit declared credentials/config requirements in metadata is a discrepancy and reduces transparency about what the skill will access.
Persistence & Privilege
The skill is not always-enabled, does not request elevated or persistent system presence, and does not modify other skills' configs. It does read files in the user's home directory and may launch a browser-based OAuth flow, which are expected for an auth-enabled client but should be documented.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tavily-extract - After installation, invoke the skill by name or use
/tavily-extract - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the extract skill for Tavily's extraction API.
- Extracts clean markdown or text from up to 20 URLs per request.
- Supports both OAuth authentication (automatic browser flow) and API key for flexible setup.
- Offers options for targeted extraction using query and chunking, as well as depth selection for dynamic/JavaScript-heavy pages.
- Provides example usage with both shell scripts and direct curl commands.
- Response includes extracted content, failed URLs, and response time for full transparency.
Metadata
Frequently Asked Questions
What is Tavily Extract?
Extract content from specific URLs using Tavily's extraction API. Returns clean markdown/text from web pages. Use when you have specific URLs and need their... It is an AI Agent Skill for Claude Code / OpenClaw, with 396 downloads so far.
How do I install Tavily Extract?
Run "/install tavily-extract" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tavily Extract free?
Yes, Tavily Extract is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Tavily Extract support?
Tavily Extract is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tavily Extract?
It is built and maintained by Evan Rimer (@evanydl); the current version is v1.0.0.
More Skills