← 返回 Skills 市场
aysun168

Tavily Skill.Bak

作者 aysun168 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
95
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install tavily-skill-bak
功能描述
Use Tavily API for real-time web search and content extraction. Use when: user needs real-time web search results, research, or current information from the...
安全使用建议
The functionality appears to be a simple Tavily API wrapper and the script is short and readable, but there are metadata inconsistencies you should resolve before installing: 1) The skill requires TAVILY_API_KEY (per SKILL.md and tavily-search.sh) yet the registry metadata lists no required credentials — ask the publisher to correct the metadata so required env vars and primary credential are explicit. 2) The ownerId in _meta.json does not match the registry owner ID — verify the publisher's identity or source. 3) Prefer setting the API key in an environment variable rather than storing it in openclaw.json unless you trust that config file's storage and access controls. 4) Inspect or run the included tavily-search.sh in a sandbox to confirm it only calls api.tavily.com and jq, and ensure curl and jq are from trusted system packages. If the publisher cannot explain or fix the metadata/owner mismatch, treat installation as higher risk.
功能分析
Type: OpenClaw Skill Name: tavily-skill-bak Version: 1.0.0 The skill provides a wrapper for the Tavily search API but contains a command injection vulnerability in `tavily-search.sh`. The script directly interpolates the `--query` argument into a shell-expanded string within a `curl` command, which allows for arbitrary command execution if the input contains shell metacharacters (e.g., backticks or subshells). While the functionality aligns with the stated purpose, the lack of input sanitization poses a significant security risk.
能力评估
Purpose & Capability
The skill's name, SKILL.md, and tavily-search.sh consistently implement a Tavily web-search integration using curl and jq, which matches the stated purpose. However, the registry metadata lists no required environment variables or primary credential even though the script and documentation require TAVILY_API_KEY; also _meta.json's ownerId differs from the registry owner ID. These metadata mismatches are inconsistent with the stated purpose.
Instruction Scope
SKILL.md and the script limit actions to forming POST requests to https://api.tavily.com/search and printing JSON via jq. The script only reads the TAVILY_API_KEY environment variable and command-line args. There are no instructions to read unrelated files, exfiltrate data to other endpoints, or perform system-wide operations.
Install Mechanism
This is an instruction-only skill with a small shell script and no install spec; nothing is downloaded or written automatically. No high-risk install URLs or archive extraction are present.
Credentials
The skill clearly requires a Tavily API key (TAVILY_API_KEY) per SKILL.md and tavily-search.sh, but the registry's declared required env vars/primary credential fields are empty. Requesting an API key is proportionate to the skill's purpose, but the omission from metadata is a mismatch that could hide what credentials will be used. Also SKILL.md suggests adding the key to an openclaw.json config — that may store secrets persistently and should be considered riskier than using an environment variable.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not modify other skills or system configuration. It does not write files or attempt to store credentials itself; it only instructs the user how to set them.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tavily-skill-bak
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tavily-skill-bak 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Tavily Search skill. - Enables real-time web search and content extraction using the Tavily API. - Provides clear usage guidance with example queries and scenarios for when to use or not use the skill. - Includes setup instructions for configuring your Tavily API key via environment variable or OpenClaw config. - Lists example curl commands for basic search, research, and news queries. - Details supported API parameters and error handling tips. - Suggests alternative tools if Tavily API is not available.
元数据
Slug tavily-skill-bak
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Tavily Skill.Bak 是什么?

Use Tavily API for real-time web search and content extraction. Use when: user needs real-time web search results, research, or current information from the... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 95 次。

如何安装 Tavily Skill.Bak?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tavily-skill-bak」即可一键安装,无需额外配置。

Tavily Skill.Bak 是免费的吗?

是的,Tavily Skill.Bak 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Tavily Skill.Bak 支持哪些平台?

Tavily Skill.Bak 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Tavily Skill.Bak?

由 aysun168(@aysun168)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论