
      Safety Report

      Wechat Search

      @jixsonwang

      Search WeChat Official Account articles using OpenClaw's web search, Tavily API, and web fetch capabilities with compliance-focused design.

2,100 downloads · 11 installs · 7 stars · 4 versions
Categories: API Integration, Search & Retrieval, Customer Support, Security & Compliance

      Security Analysis

Verdict: Suspicious (high confidence)

      The skill's code and runtime behavior diverge from its declared metadata and instructions — it expects a Tavily API key, calls external Node.js scripts and the OpenClaw CLI from absolute paths, and executes other-skill code, none of which is declared in the registry metadata or SKILL.md in full detail.

Feb 11, 2026 · 9 files · 4 concerns

Purpose & Capability: concern

      The description and SKILL.md claim use of OpenClaw web tools and Tavily as optional, but the packaged Python code actually requires a TAVILY_API_KEY, invokes Node.js scripts, and calls the 'openclaw' CLI. The registry metadata lists no required env vars or binaries, so the actual capabilities (need for Node and OpenClaw CLI, and access to Tavily) are not reflected in the declared requirements. The code also hardcodes absolute paths (/root/.openclaw/workspace/skills/...), which implies cross-skill or privileged assumptions that don't match the stated purpose.

Instruction Scope: concern

      SKILL.md describes a three-layer strategy and mentions web_search/web_fetch tools and optional API keys, but the code performs additional actions not clearly documented: it reads ~/.openclaw/tavily-config.json as a fallback, and directly executes a Node.js script at an absolute workspace path. The instructions do not document executing other skills' scripts or requiring Node/OpenClaw binaries, giving the agent broader runtime actions than advertised.

Install Mechanism: ok

      There is no install spec (instruction-only), so nothing is automatically downloaded or installed by the skill bundle itself. That lowers disk-write risk. However, the runtime relies on external binaries (node, openclaw) being present; those are not installed by the skill.

Credentials: concern

      The package metadata declares no required environment variables, yet multiple code paths demand TAVILY_API_KEY (and attempt to load it from ~/.openclaw/tavily-config.json). This is a mismatch: a credential is effectively required but not declared. The skill also inherits the process environment when invoking subprocesses, so it could leak additional env vars to child processes if present.

Persistence & Privilege: concern

The skill is not marked always:true and does not persistently modify system config, which is good. However, it executes other-skill code by invoking a hardcoded Node script in /root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs and calls the OpenClaw CLI; this means it assumes and acts on workspace files belonging to other skills or the runtime and can execute arbitrary code there. Accessing and executing other skills' files is a cross-skill privilege that the SKILL.md and metadata do not disclose.

      Guidance

This skill contains mismatches and runtime assumptions you should verify before installing. Specific concerns:

- The code expects a TAVILY_API_KEY (and falls back to ~/.openclaw/tavily-config.json) but the skill metadata does not declare this required credential; if you enable the skill and set that env var, it will be used by subprocesses. Only provide secrets you trust the skill to use and declare.
- The Python code invokes external binaries (node and the OpenClaw CLI) via subprocess; ensure those binaries exist and are the versions you expect. If you don't run node or OpenClaw in the environment, the skill may fail or behave unexpectedly.
- The code executes a Node.js script via an absolute path in /root/.openclaw/workspace/skills/..., which means the skill will run code from other skill workspaces. Before enabling, inspect the referenced script (search.mjs) and any other code under that path to ensure it is safe and hasn't been tampered with.
- Because the skill spawns subprocesses, it can pass environment variables to child processes. Avoid installing it in environments containing sensitive credentials unless you have audited the invoked scripts.

Recommended actions:

- Ask the publisher to update the registry metadata and SKILL.md to explicitly declare required env vars (TAVILY_API_KEY), required binaries (node, openclaw), and any expected config file paths.
- Inspect the referenced Node script (/root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs) and confirm its provenance before allowing the skill to run it.
- If possible, run the skill in a sandboxed environment (container) without access to sensitive environment variables or host files until you are comfortable.
- If you cannot inspect or sandbox the invoked Node script and you need to keep your environment sealed, do not install or enable this skill.

Confidence: high. The mismatch between declared metadata/instructions and the actual code paths (undisclosed env var use, subprocess execution of other-skill scripts, absolute paths) is clear and material.

      Latest Release

      v1.0.3

- Added Tavily Search API as a secondary search option, expanding from a two-layer to a three-layer search strategy.
- Updated documentation to reflect the new search order: primary (Brave Search), secondary (Tavily), fallback (direct web fetch).
- Improved fallback logic and error handling, ensuring graceful degradation across all three strategies.
- Added an example for forcing a specific search strategy in the command-line usage.
- Enhanced compliance documentation to clarify API key usage and strategy details.


      Published by @jixsonwang on ClawHub
