← Back to Skills Marketplace
yi307520559-droid

Tavily Search

by yi307520559-droid · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1193
Downloads
0
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install tavily-search-yourname
Description
AI-optimized web search via Tavily API. Returns concise, relevant results for AI agents.
Usage Guidance
This skill appears coherent: it needs Node and a Tavily API key and simply calls tavily.com endpoints. Before installing, verify the TAVILY_API_KEY you provide is intended for this use and comes from a trusted Tavily account. Note the small metadata mismatch (owner ID) in the package—this may be a packaging/metadata bug; if provenance matters to you, confirm the publisher. Also be aware openclaw-wrapper.js will call the search script with fixed flags (news, 5 results) if you run that wrapper; use scripts/search.mjs directly if you want other options. If you have concerns, run the scripts in a sandboxed environment or inspect network traffic to confirm they only contact api.tavily.com.
Capability Analysis
Type: OpenClaw Skill Name: tavily-search-yourname Version: 1.0.0 The skill bundle is classified as suspicious due to a critical shell injection vulnerability found in `openclaw-wrapper.js`. This file uses `child_process.execSync` to construct a command string by directly embedding user-controlled input (`process.argv[2]`) without proper sanitization or escaping, leading to arbitrary command execution if this wrapper is invoked. While `SKILL.md` does not instruct the agent to use this specific wrapper, its presence in the bundle constitutes a significant security flaw. The other scripts (`scripts/search.mjs`, `scripts/extract.mjs`) handle user input safely by embedding it into JSON payloads for API calls, and `SKILL.md` contains no direct prompt injection attempts.
Capability Assessment
Purpose & Capability
Name/description, required binary (node), required env var (TAVILY_API_KEY), and the code's network calls (https://api.tavily.com/search and /extract) all align with a web-search integration. Minor provenance inconsistency: registry metadata ownerId differs from _meta.json ownerId (possible packaging/metadata error) but this does not change functional alignment.
Instruction Scope
SKILL.md instructs running the included Node scripts; the scripts only read the declared TAVILY_API_KEY and provided CLI args and call Tavily endpoints. They do not read unrelated files, system credentials, or send data to other hosts. Note: openclaw-wrapper.js uses child_process.execSync to invoke search.mjs with fixed flags (forces --topic news and -n 5) which differs from the flexible invocation shown in SKILL.md; this is a behavioral inconsistency (not a secret-access issue).
Install Mechanism
No install spec; this is an instruction-and-script bundle that requires node at runtime. No downloads or archive extraction occur, so install risk is low.
Credentials
Only TAVILY_API_KEY is required and declared as the primary credential. The code uses that key only to call Tavily's API endpoints; no other secrets or environment variables are accessed.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and does not write persistent configuration. It runs on-demand and has no elevated persistence or cross-skill access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tavily-search-yourname
  3. After installation, invoke the skill by name or use /tavily-search-yourname
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Tavily Search skill. - Provides AI-optimized web search using the Tavily API with clean, relevant results. - Supports adjustable number of results, deep research mode, and topic selection (general or news). - Includes a tool to extract content from specific URLs. - Requires a TAVILY_API_KEY for authentication.
Metadata
Slug tavily-search-yourname
Version 1.0.0
License
All-time Installs 6
Active Installs 6
Total Versions 1
Frequently Asked Questions

What is Tavily Search?

AI-optimized web search via Tavily API. Returns concise, relevant results for AI agents. It is an AI Agent Skill for Claude Code / OpenClaw, with 1193 downloads so far.

How do I install Tavily Search?

Run "/install tavily-search-yourname" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tavily Search free?

Yes, Tavily Search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Tavily Search support?

Tavily Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Tavily Search?

It is built and maintained by yi307520559-droid (@yi307520559-droid); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments