web-search-tavily

Warn

Audited by Socket on Jul 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill's search/research capabilities broadly match its stated purpose, and the Gooseworks login path appears same-org documented. However, the skill is presented as a Tavily integration while routing all requests and bearer credentials through Gooseworks proxy endpoints instead of Tavily's official API, and it reads local credential files directly. This is not confirmed malware, but the intermediary data flow and credential handling make it a medium-risk skill.

Confidence: 89%Severity: 66%
Audit Metadata
Analyzed At
Jul 2, 2026, 06:17 AM
Package URL
pkg:socket/skills-sh/athina-ai%2Fgoose-skills%2Fweb-search-tavily%2F@eb0d8881a021c5413d0ce3d61af3c2e5166bd9a0d392f0a6396e9e03dc505abd
Security Audit — socket — web-search-tavily