Tavily AI Search
AI-optimized web search using Tavily Search API. Use when you need comprehensive web research, current events lookup, domain-specific search, or AI-generated answer summaries. Tavily is optimized for LLM consumption with clean structured results, answer generation, and raw content extraction. Best for research tasks, news queries, fact-checking, and gathering authoritative sources.
暂无可比对内容
需要至少一个上一版本,才能生成差异对比。
Security Scan
状态
suspicious
OpenClaw
gpt-5-mini
OpenClaw 分析
The skill's code and docs match its stated purpose (Tavily search), but the registry metadata omits the API key requirement and the source/homepage is unknown — these inconsistencies and missing provenance warrant caution before installing.
置信度: high
VirusTotal
Type: OpenClaw Skill Name: tavily Version: 1.0.0 The skill bundle provides a Python script for interacting with the Tavily search API, which appears benign and correctly handles API keys. However, the `SKILL.md` documentation includes an 'Integration Patterns' example demonstrating how to chain the search results with `jq` and `curl` to fetch raw content from URLs (`scripts/tavily_search.py "React documentation" --json | jq -r '.results[].url' | xargs -I {} curl -s {}`). While presented as a legitimate content extraction method, this example highlights the agent's capability to execute arbitrary network requests (`curl`) based on search results, which is a high-risk primitive that could be exploited by a malicious prompt to access or exfiltrate data from unintended external or internal network resources. This capability, though not explicitly malicious in its stated purpose, makes the skill suspicious due to the potential for misuse via prompt injection.