tavily-mcp

MCP server for advanced web search using Tavily

→ tavily-ai/tavily-mcp· npm: tavily-mcp· listed on npm

Install from

npm npm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Secret credentials may flow to a network call

4 flows detected: TAVILY_API_KEY. We can’t prove the destination matches the brand the credential belongs to.

⚠️

Known vulnerabilities in dependencies: 4 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 1 credential: TAVILY_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configDEFAULT_PARAMETERS— Note: When using the remote MCP, you can specify default parameters for all requests by including a header containing a JSON object with your desired defaults. Example:

🔐 secretTAVILY_API_KEY— "": "your-api-key-here",

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/tavily-mcp-1xvjkx)](https://m8ven.ai/mcp/tavily-mcp-1xvjkx)

commit: ca98b3c0864e8a3f3b8f26313d1894885076278c

code hash: c646b9220407e6f28713ed67c23daeb0f7d152f742d9c1a697aee72d02fa7768

verified: 4/18/2026, 3:55:21 PM

view raw JSON →