← 返回 Skills 市场
yi307520559-droid

Tavily Search

作者 yi307520559-droid · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1193
总下载
0
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install tavily-search-yourname
功能描述
AI-optimized web search via Tavily API. Returns concise, relevant results for AI agents.
安全使用建议
This skill appears coherent: it needs Node and a Tavily API key and simply calls tavily.com endpoints. Before installing, verify the TAVILY_API_KEY you provide is intended for this use and comes from a trusted Tavily account. Note the small metadata mismatch (owner ID) in the package—this may be a packaging/metadata bug; if provenance matters to you, confirm the publisher. Also be aware openclaw-wrapper.js will call the search script with fixed flags (news, 5 results) if you run that wrapper; use scripts/search.mjs directly if you want other options. If you have concerns, run the scripts in a sandboxed environment or inspect network traffic to confirm they only contact api.tavily.com.
功能分析
Type: OpenClaw Skill Name: tavily-search-yourname Version: 1.0.0 The skill bundle is classified as suspicious due to a critical shell injection vulnerability found in `openclaw-wrapper.js`. This file uses `child_process.execSync` to construct a command string by directly embedding user-controlled input (`process.argv[2]`) without proper sanitization or escaping, leading to arbitrary command execution if this wrapper is invoked. While `SKILL.md` does not instruct the agent to use this specific wrapper, its presence in the bundle constitutes a significant security flaw. The other scripts (`scripts/search.mjs`, `scripts/extract.mjs`) handle user input safely by embedding it into JSON payloads for API calls, and `SKILL.md` contains no direct prompt injection attempts.
能力评估
Purpose & Capability
Name/description, required binary (node), required env var (TAVILY_API_KEY), and the code's network calls (https://api.tavily.com/search and /extract) all align with a web-search integration. Minor provenance inconsistency: registry metadata ownerId differs from _meta.json ownerId (possible packaging/metadata error) but this does not change functional alignment.
Instruction Scope
SKILL.md instructs running the included Node scripts; the scripts only read the declared TAVILY_API_KEY and provided CLI args and call Tavily endpoints. They do not read unrelated files, system credentials, or send data to other hosts. Note: openclaw-wrapper.js uses child_process.execSync to invoke search.mjs with fixed flags (forces --topic news and -n 5) which differs from the flexible invocation shown in SKILL.md; this is a behavioral inconsistency (not a secret-access issue).
Install Mechanism
No install spec; this is an instruction-and-script bundle that requires node at runtime. No downloads or archive extraction occur, so install risk is low.
Credentials
Only TAVILY_API_KEY is required and declared as the primary credential. The code uses that key only to call Tavily's API endpoints; no other secrets or environment variables are accessed.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and does not write persistent configuration. It runs on-demand and has no elevated persistence or cross-skill access.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tavily-search-yourname
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tavily-search-yourname 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Tavily Search skill. - Provides AI-optimized web search using the Tavily API with clean, relevant results. - Supports adjustable number of results, deep research mode, and topic selection (general or news). - Includes a tool to extract content from specific URLs. - Requires a TAVILY_API_KEY for authentication.
元数据
Slug tavily-search-yourname
版本 1.0.0
许可证
累计安装 6
当前安装数 6
历史版本数 1
常见问题

Tavily Search 是什么?

AI-optimized web search via Tavily API. Returns concise, relevant results for AI agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1193 次。

如何安装 Tavily Search?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tavily-search-yourname」即可一键安装,无需额外配置。

Tavily Search 是免费的吗?

是的,Tavily Search 完全免费(开源免费),可自由下载、安装和使用。

Tavily Search 支持哪些平台?

Tavily Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Tavily Search?

由 yi307520559-droid(@yi307520559-droid)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 留言讨论