← Back to Skills Marketplace
darryek

Tavily Search

by 迩康 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
418
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install tavily-search-darry
Description
Tavily 搜索 API 集成 | Tavily Search API Integration. 高质量网络搜索、新闻聚合、信息调研 | High-quality web search, news aggregation, research. 触发词:搜索、search、tavily、新闻.
Usage Guidance
This skill largely does what it says (Tavily search/crawl/extract/research), but review the following before installing: 1) The scripts rely on tools not listed in metadata (curl, jq, base64, npx). Ensure these binaries are present or install them beforehand. 2) On first run the scripts will call 'npx -y mcp-remote ...' which downloads and executes a package from npm to run an OAuth flow — if you prefer not to fetch code at runtime, set TAVILY_API_KEY manually in your agent settings and avoid the OAuth path. 3) The scripts search your home directory for ~/.mcp-auth/*_tokens.json; they only accept tokens whose JWT issuer matches https://mcp.tavily.com/ and check expiry, but this still reads local token cache files — if that is sensitive, run the skill in an isolated environment or remove/inspect that directory first. 4) Network calls target mcp.tavily.com (and docs mention api.tavily.com); verify these domains are expected. If you need lower risk, request the same functionality from a version that documents required binaries and avoids runtime npx fetches. If you decide to proceed, consider specifying TAVILY_API_KEY manually and running in a sandboxed environment.
Capability Analysis
Type: OpenClaw Skill Name: tavily-search-darry Version: 1.0.0 The skill bundle provides integration with Tavily APIs but implements high-risk automated credential discovery. The scripts (crawl.sh, extract.sh, research.sh, and search.sh) recursively search the user's home directory (~/.mcp-auth/) for OAuth tokens and use 'npx' to execute a remote package (mcp-remote) to initiate authentication flows. While the scripts include a security check to verify the JWT issuer is 'https://mcp.tavily.com/' before using a token, the automated scanning of sensitive configuration directories for credentials and the background execution of remote packages represent significant risky capabilities that exceed standard API integration patterns.
Capability Assessment
Purpose & Capability
Name/description match the implemented behavior: scripts call Tavily MCP endpoints (https://mcp.tavily.com) for search/crawl/extract/research and can save crawl output to local files. However, the skill metadata only declares 'bash' as a required binary while the scripts also rely on curl, jq, base64, date, and npx at runtime—these are not declared. The scripts also attempt to discover an OAuth token from a local cache (~/.mcp-auth), which is consistent with an OAuth-friendly client but is not documented in the registry metadata as a required config/access.
Instruction Scope
Runtime instructions and included scripts will: (a) read files under $HOME/.mcp-auth searching for '*_tokens.json', (b) run npx -y mcp-remote to initiate an OAuth browser flow (downloads and executes code from npm at runtime), (c) make outbound HTTPS requests to mcp.tavily.com, and (d) write crawled pages to any output directory you pass. Reading the local MCP auth cache is scope-relevant for OAuth but may be surprising because it inspects user files and could encounter other token files; the script tries to validate tokens by checking the JWT issuer and expiry, which mitigates but does not eliminate the concern.
Install Mechanism
There is no formal install spec, but the scripts call npx -y mcp-remote at runtime. npx will fetch and execute a package from the public npm registry on demand (transient download/execute). That is a moderate-to-high install-time risk compared with an instruction-only script that does not fetch code. The rest of the skill files are local shell scripts (no packaged third-party install), so the primary runtime risk is dynamic npx execution.
Credentials
The skill does not declare any required environment variables in registry metadata, but the scripts use TAVILY_API_KEY if present and will attempt to obtain an OAuth token from ~/.mcp-auth if not. Requesting/using a Tavily API token is proportional to the skill's purpose. Two small issues: (1) TAVILY_API_KEY is optional but not documented in the metadata 'requires.env' (user-facing docs in SKILL.md do mention it), and (2) the script reads ~/.mcp-auth token files — while it filters tokens by issuer and expiry, it still inspects local auth caches which could contain tokens for other tools if stored there.
Persistence & Privilege
The skill is not always: true and does not request persistent elevated platform privileges. It writes crawl output only to an explicit output directory you pass, and it does not modify other skills or global agent settings. Runtime npx execution is transient and not a declared persistent install.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tavily-search-darry
  3. After installation, invoke the skill by name or use /tavily-search-darry
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of tavily-search-darry skill. - Integrates Tavily Search API for high-quality web search, news aggregation, and research. - Provides features such as intelligent search, content extraction, relevance scoring, and advanced news filtering. - Includes support for domain filtering and multiple research tools (crawl, extract, research). - Offers shell script examples for basic and advanced usage. - Authentication via Tavily API Key or OAuth.
Metadata
Slug tavily-search-darry
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Tavily Search?

Tavily 搜索 API 集成 | Tavily Search API Integration. 高质量网络搜索、新闻聚合、信息调研 | High-quality web search, news aggregation, research. 触发词:搜索、search、tavily、新闻. It is an AI Agent Skill for Claude Code / OpenClaw, with 418 downloads so far.

How do I install Tavily Search?

Run "/install tavily-search-darry" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tavily Search free?

Yes, Tavily Search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Tavily Search support?

Tavily Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Tavily Search?

It is built and maintained by 迩康 (@darryek); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments