{
  "slug": "tavily-mcp",
  "tool_id": "npm/tavily-mcp",
  "verdict_url": "/verdict/tavily-mcp",
  "verdict_content_hash": "sha256:d13b0bd08a52986c0be20d86c37af0b6b17475f2869b14924feb9e34e02d2528",
  "version": "0.2.20",
  "commit": "fc09f6e5e76622987e0688ad061047cb240062db",
  "dist_shasum": "79e9eff09c836f6cb4f069876e1d9d2e8a0616f7",
  "scanned_at": "2026-06-14T00:00:00Z",
  "capture_self_test": "verified — a beacon decoy was emitted from the tool's network context; its presence in the intercept shows the capture path was working, so a 'no egress' result would have been trustworthy.",
  "method": "Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS decrypted for inspection using the scanner's own CA, with an iptables transparent redirect). Endpoints, resolved geo/jurisdiction and frequency are observed facts. Capture self-test passed.",
  "request_count": 5,
  "captured_requests": [
    {
      "method": "POST",
      "scheme": "https",
      "host": "api.tavily.com",
      "path": "/search",
      "headers": {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-Tavily-Access-Mode": "keyless",
        "X-Client-Source": "tavily-mcp-keyless",
        "X-Session-Id": "d68aa914-32e1-4668-a838-fa0ea8c83bc3",
        "User-Agent": "axios/1.17.0",
        "Content-Length": "501",
        "Accept-Encoding": "gzip, compress, deflate, br",
        "Host": "api.tavily.com",
        "Connection": "keep-alive"
      },
      "body_redacted": "{\"query\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"search_depth\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"topic\":\"general\",\"include_domains\":[\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"],\"exclude_domains\":[\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"],\"country\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"start_date\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"end_date\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"}",
      "blocked": true,
      "tls_inspected": true
    },
    {
      "method": "POST",
      "scheme": "https",
      "host": "api.tavily.com",
      "path": "/extract",
      "headers": {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-Tavily-Access-Mode": "keyless",
        "X-Client-Source": "tavily-mcp-keyless",
        "X-Session-Id": "d68aa914-32e1-4668-a838-fa0ea8c83bc3",
        "User-Agent": "axios/1.17.0",
        "Content-Length": "289",
        "Accept-Encoding": "gzip, compress, deflate, br",
        "Host": "api.tavily.com",
        "Connection": "keep-alive"
      },
      "body_redacted": "{\"urls\":[\"http://canary-directed-edd5879f.trace.invalid/canary-edd5879f-url-251421224cdd\"],\"extract_depth\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"format\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"query\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"}",
      "blocked": true,
      "tls_inspected": true
    },
    {
      "method": "POST",
      "scheme": "https",
      "host": "api.tavily.com",
      "path": "/crawl",
      "headers": {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-Tavily-Access-Mode": "keyless",
        "X-Client-Source": "tavily-mcp-keyless",
        "X-Session-Id": "d68aa914-32e1-4668-a838-fa0ea8c83bc3",
        "User-Agent": "axios/1.17.0",
        "Content-Length": "461",
        "Accept-Encoding": "gzip, compress, deflate, br",
        "Host": "api.tavily.com",
        "Connection": "keep-alive"
      },
      "body_redacted": "{\"url\":\"http://canary-directed-edd5879f.trace.invalid/canary-edd5879f-url-251421224cdd\",\"instructions\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"select_paths\":[\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"],\"select_domains\":[\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"],\"extract_depth\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"format\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"chunks_per_source\":3}",
      "blocked": true,
      "tls_inspected": true
    },
    {
      "method": "POST",
      "scheme": "https",
      "host": "api.tavily.com",
      "path": "/map",
      "headers": {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-Tavily-Access-Mode": "keyless",
        "X-Client-Source": "tavily-mcp-keyless",
        "X-Session-Id": "d68aa914-32e1-4668-a838-fa0ea8c83bc3",
        "User-Agent": "axios/1.17.0",
        "Content-Length": "304",
        "Accept-Encoding": "gzip, compress, deflate, br",
        "Host": "api.tavily.com",
        "Connection": "keep-alive"
      },
      "body_redacted": "{\"url\":\"http://canary-directed-edd5879f.trace.invalid/canary-edd5879f-url-251421224cdd\",\"instructions\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"select_paths\":[\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"],\"select_domains\":[\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"]}",
      "blocked": true,
      "tls_inspected": true
    },
    {
      "method": "POST",
      "scheme": "https",
      "host": "api.tavily.com",
      "path": "/research",
      "headers": {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-Tavily-Access-Mode": "keyless",
        "X-Client-Source": "tavily-mcp-keyless",
        "X-Session-Id": "d68aa914-32e1-4668-a838-fa0ea8c83bc3",
        "User-Agent": "axios/1.17.0",
        "Content-Length": "127",
        "Accept-Encoding": "gzip, compress, deflate, br",
        "Host": "api.tavily.com",
        "Connection": "keep-alive"
      },
      "body_redacted": "{\"input\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\",\"model\":\"FILE-CONTENT::canary-edd5879f-file-95add22b7836::END\"}",
      "blocked": true,
      "tls_inspected": true
    }
  ],
  "reproduce": {
    "scanner": "canary-sandbox (open methodology; Docker backend)",
    "command": "python -m canary.cli scan <target> --backend docker   # target: npm tavily-mcp@0.2.20",
    "note": "Re-run it yourself: the scanner installs the pinned version, drives the tool over MCP, and intercepts all egress."
  },
  "note": "Raw captured outbound requests from one sandbox run (identifiers/keys redacted). This is the underlying observation behind the verdict — re-run the scan to verify.",
  "verification": "verdict_content_hash = SHA-256 over the canonical verdict JSON; dist_shasum = the npm tarball checksum of the pinned version (a SHA-1 digest, so it identifies the tarball but is not a collision-resistant integrity guarantee). Signed artifacts + an append-only immutable log are on the roadmap (toward independent verifiability).",
  "verdict_signature": "ed25519:RTgxTmND+U6YRZGNq+UjdTiWawz0gE69zVsZS25LtrTqcqYvcelTrDn+4GlvUTviNATExYqcwg9UOi37OGP+Bw=="
}