tavily

SUSPICIOUS: the skill is internally coherent as a Membrane-hosted Tavily integration, but it introduces a third-party intermediary for Tavily auth and data instead of using Tavily's native API path. The install source is official npm and not obviously malicious, yet the unpinned `@latest` CLI execution and credential/data brokerage through Membrane create medium security risk disproportionate to a simple Tavily integration.