中文 EN
Start Review
Skill Trust Decision

search

Skill contains hardcoded API credentials and makes undisclosed external network requests to Tavily's API, with doc-to-code mismatch on credential handling.

Install decision first Source: Manual upload Scanned: Apr 4, 2026
Files 8
Artifacts 5
Violations 0
Findings 5
Most direct threat evidence
High Credential Theft
Hardcoded API Credential in Source Code

A Tavily API key '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' is hardcoded in plugin.ts and providers/tavily.ts. This is a developer/testing key exposed in plaintext that could be harvested and abused.

plugin.ts:75

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

5 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 2 severe findings.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Hardcoded API credential +25

Tavily API key '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' embedded in source code at plugin.ts:75 and providers/tavily.ts:15

Undisclosed external network calls +20

SKILL.md does not mention Tavily API calls; user queries sent to api.tavily.com

Doc-to-code mismatch +10

Documentation presents Tavily as 'Free (dev)' feature without revealing hardcoded key usage

Most important evidence

High Credential Theft

Hardcoded API Credential in Source Code

A Tavily API key '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' is hardcoded in plugin.ts and providers/tavily.ts. This is a developer/testing key exposed in plaintext that could be harvested and abused.

plugin.ts:75
Remove hardcoded credentials. Require users to provide their own TAVILY_API_KEY via environment configuration. Never commit API keys to source code.
High Data Exfil

Undisclosed External API Calls

User search queries are sent to api.tavily.com without clear disclosure in SKILL.md. This means user search behavior data is logged by Tavily's service.

providers/tavily.ts:20
Document all external API endpoints and data flows. Obtain explicit user consent for data transmission to third-party services.
Medium Doc Mismatch

Hardcoded Key Misrepresented as Feature

SKILL.md presents Tavily integration as a 'Free (dev)' feature without disclosing that it relies on a hardcoded development API key rather than user-provided credentials.

SKILL.md:1
Clearly document credential requirements and explain how API keys should be configured.
Low Supply Chain

Hardcoded Windows Path Exposes Environment

References to absolute Windows path 'D:\winopenclaw\workspace\skills\_legacy\tavily\search_tavily_news.py' suggest development on a specific machine with specific directory structure.

plugin.ts:85
Use relative paths or configuration-driven paths. Avoid exposing internal development environment structure.
Low Priv Escalation

Undeclared Shell Execution Capability

Code uses api.exec() for Python script execution, implying shell:WRITE capability that is not declared in SKILL.md.

plugin.ts:84
Document shell execution as a required capability if intentional, or refactor to use safer alternatives.

Declared capability vs actual capability

Network Pass
Declared READ
Inferred WRITE
plugin.ts:75, providers/tavily.ts:15 - sends data to api.tavily.com
Shell Pass
Declared NONE
Inferred WRITE
plugin.ts:84-86 uses api.exec() for Python script execution

Suspicious artifacts and egress

Medium External URL
http://127.0.0.1:8080

plugin.ts:74

Medium External URL
https://www.baidu.com/s?wd=$

plugin.ts:147

Medium External URL
https://cn.bing.com/search?q=$

plugin.ts:148

Medium External URL
https://www.google.com/search?q=$

plugin.ts:149

Medium External URL
https://api.tavily.com/search

providers/tavily.ts:12

Dependencies and supply chain

PackageVersionSourceKnown vulnNotes
fetch built-in Node.js No Native fetch used for HTTP requests
crypto built-in Node.js No Used for MD5 cache key hashing

File composition

8 files · 465 lines
TypeScript 5 files · 389 linesYAML 1 files · 46 linesMarkdown 1 files · 25 linesJSON 1 files · 5 lines
Files of concern · 3
plugin.ts TypeScript · 201 lines
Hardcoded API Credential in Source Code · Hardcoded Windows Path Exposes Environment · Undeclared Shell Execution Capability · http://127.0.0.1:8080 · https://www.baidu.com/s?wd=$ · https://cn.bing.com/search?q=$ · https://www.google.com/search?q=$
providers/tavily.ts TypeScript · 46 lines
Undisclosed External API Calls · https://api.tavily.com/search
SKILL.md Markdown · 25 lines
Hardcoded Key Misrepresented as Feature
Other files · skill.yaml · cache.ts · multi.ts · searxng.ts · _meta.json

Security positives

Rate limiting implemented (20 calls/min) to prevent abuse
In-memory caching reduces redundant API calls
Local SearXNG option respects privacy by keeping searches local
Graceful fallback between search engines
No credential exfiltration or C2 communication detected