← 返回 Skills 市场
Tavily Extract
作者
Evan Rimer
· GitHub ↗
· v1.0.0
· MIT-0
396
总下载
1
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install tavily-extract
功能描述
Extract content from specific URLs using Tavily's extraction API. Returns clean markdown/text from web pages. Use when you have specific URLs and need their...
安全使用建议
This skill generally does what it says (calls Tavily to extract pages), but it has important gaps you should consider before installing:
- It will try to read ~/.mcp-auth/*_tokens.json and extract access_token values; those files can contain other cached auth tokens — only proceed if you trust the skill and the Tavily issuer check in the script.
- The script will run `npx -y mcp-remote ...` to perform OAuth if no token is found. That downloads and executes code from npm at runtime; review the mcp-remote package (or avoid letting the script run it) if you want to reduce risk.
- The metadata didn't list runtime dependencies, but the script requires jq, curl, npx, and standard Unix tools; ensure those are present and safe.
- For minimal exposure, consider creating and providing a dedicated TAVILY_API_KEY (set the env yourself) rather than allowing the script to scan ~/.mcp-auth or auto-run npx.
If you need higher assurance, ask the skill author to: (1) declare required binaries/env in metadata, (2) avoid on-demand npx installs or document the exact npm package & version, and (3) limit or make optional any recursive scans of ~/, or at least clearly describe what files will be read.
功能分析
Type: OpenClaw Skill
Name: tavily-extract
Version: 1.0.0
The skill facilitates web content extraction via the Tavily API and MCP protocol. The `extract.sh` script manages authentication by retrieving tokens from `~/.mcp-auth/` or initiating an OAuth flow using `npx mcp-remote`, with explicit checks to ensure tokens are issued by `tavily.com`. All network and file operations are directly related to the stated purpose of content extraction and authentication, and the script uses `jq` to safely handle JSON inputs.
能力评估
Purpose & Capability
The name/description (use Tavily extract API) matches the script's behavior: it sends requests to Tavily endpoints and tries to obtain a Tavily token. However the registry metadata declares no required env vars or binaries while the script actually expects/uses TAVILY_API_KEY (env), ~/.mcp-auth token files, and external tools (jq, curl, npx, base64, find, sed, grep). This undocumented dependency mismatch is a design/information-quality problem.
Instruction Scope
The SKILL.md documents the OAuth flow and mentions ~/.mcp-auth and ~/.claude/settings.json. The script will recursively search the user's ~/.mcp-auth for *_tokens.json and decode tokens, and if none present it launches an OAuth helper. Reading auth token files in the home directory is functionally related to obtaining a Tavily token, but it is sensitive (may expose presence of other cached tokens) and should have been explicitly declared. The instructions also suggest adding TAVILY_API_KEY to ~/.claude/settings.json which touches agent configuration files — the script itself does not write to those files but the guidance encourages modifying them.
Install Mechanism
There is no install spec, but the runtime script calls 'npx -y mcp-remote ...' to initiate OAuth. That will fetch and execute an npm package on demand. On-demand npm installs are a non-trivial risk vector (remote code executed without an explicit install step). The script also relies on system binaries (jq, curl, base64, find, sed, grep) that are not declared in the registry metadata.
Credentials
The registry declares no required env vars, yet the script uses TAVILY_API_KEY (env) if present, and otherwise searches local token caches. Access to ~/.mcp-auth is sensitive. While these items are explainable (they are used to authenticate to Tavily), the absence of explicit declared credentials/config requirements in metadata is a discrepancy and reduces transparency about what the skill will access.
Persistence & Privilege
The skill is not always-enabled, does not request elevated or persistent system presence, and does not modify other skills' configs. It does read files in the user's home directory and may launch a browser-based OAuth flow, which are expected for an auth-enabled client but should be documented.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tavily-extract - 安装完成后,直接呼叫该 Skill 的名称或使用
/tavily-extract触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the extract skill for Tavily's extraction API.
- Extracts clean markdown or text from up to 20 URLs per request.
- Supports both OAuth authentication (automatic browser flow) and API key for flexible setup.
- Offers options for targeted extraction using query and chunking, as well as depth selection for dynamic/JavaScript-heavy pages.
- Provides example usage with both shell scripts and direct curl commands.
- Response includes extracted content, failed URLs, and response time for full transparency.
元数据
常见问题
Tavily Extract 是什么?
Extract content from specific URLs using Tavily's extraction API. Returns clean markdown/text from web pages. Use when you have specific URLs and need their... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 396 次。
如何安装 Tavily Extract?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tavily-extract」即可一键安装,无需额外配置。
Tavily Extract 是免费的吗?
是的,Tavily Extract 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Tavily Extract 支持哪些平台?
Tavily Extract 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Tavily Extract?
由 Evan Rimer(@evanydl)开发并维护,当前版本 v1.0.0。
推荐 Skills