← Back to Skills Marketplace
918
Downloads
0
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install tavily-search-secure
Description
Tavily API ile güvenli web arama ve URL içerik çıkarma yap. Use when: hızlı web araştırması, kaynaklı sonuç toplama, belirli URL'lerden metin çekme ve özetle...
Usage Guidance
This skill's code appears to do what it says: call Tavily's search/extract endpoints and enforce URL safety checks. Before installing: (1) verify the TAVILY_API_KEY will be provided and treat it as sensitive — the scripts send it to api.tavily.com in request bodies; do not reuse high-privilege keys. (2) Confirm the Tavily service/domain is trustworthy (there's no homepage or source URL listed). (3) Fix the registry metadata mismatch (it should declare TAVILY_API_KEY as a required env var / primary credential). (4) Run the scripts in a sandboxed environment or with least-privilege network rules (restrict egress to the Tavily API) and review request/response logs. If you cannot verify the Tavily endpoint or provenance of the skill, do not supply production credentials — use a throwaway key or decline installation.
Capability Analysis
Type: OpenClaw Skill
Name: tavily-search-secure
Version: 1.0.0
The skill bundle is benign. It provides secure web search and URL content extraction using the Tavily API. The `SKILL.md` file includes explicit security rules, which are robustly implemented in `scripts/extract.mjs` and `scripts/search.mjs`. Key security features include strict URL validation (rejecting private IPs, loopback, localhost, and non-http/https protocols to prevent SSRF), sanitization of all inputs and outputs, and proper handling of the API key via environment variables. There is no evidence of malicious intent, data exfiltration beyond the stated purpose, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the two scripts are coherent: both scripts call https://api.tavily.com (search and extract) and implement the functionality described. However, the registry metadata lists no required environment variables while the SKILL.md and scripts clearly require TAVILY_API_KEY — a bookkeeping/integrity mismatch.
Instruction Scope
SKILL.md directs the agent to run the provided node scripts with a TAVILY_API_KEY. The scripts only perform network calls to api.tavily.com, validate and sanitize inputs, and output results. They explicitly avoid printing the API key and perform host/IPv4/IPv6 checks to block localhost/private addresses (reducing SSRF risk). The scripts do not read other files or secrets.
Install Mechanism
No install spec (instruction-only + included scripts). No external downloads or package installs; code ships in the skill bundle. Risk from install mechanism is low.
Credentials
Functionally the skill only needs one credential (TAVILY_API_KEY), which is proportionate. But the registry metadata incorrectly lists 'Required env vars: none' and 'Primary credential: none' while SKILL.md and the scripts require TAVILY_API_KEY. That mismatch could be accidental but makes it harder to audit/automate safe deployment and lowers trust. Also there is no homepage or known source listed to verify the Tavily API/service.
Persistence & Privilege
always:false and no behavior that modifies other skills or system settings. The skill does not ask to persist tokens or change agent configuration. Autonomous invocation is enabled by default (normal) but not combined with other red flags here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tavily-search-secure - After installation, invoke the skill by name or use
/tavily-search-secure - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Rebuilt with security hardening (SSRF blocks, strict URL validation, timeout bounds, sanitized output, no key leakage).
Metadata
Frequently Asked Questions
What is Tavily Search Secure?
Tavily API ile güvenli web arama ve URL içerik çıkarma yap. Use when: hızlı web araştırması, kaynaklı sonuç toplama, belirli URL'lerden metin çekme ve özetle... It is an AI Agent Skill for Claude Code / OpenClaw, with 918 downloads so far.
How do I install Tavily Search Secure?
Run "/install tavily-search-secure" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tavily Search Secure free?
Yes, Tavily Search Secure is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Tavily Search Secure support?
Tavily Search Secure is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tavily Search Secure?
It is built and maintained by fabekar (@fabekar); the current version is v1.0.0.
More Skills