tavily-mcp
MCP server for advanced web search using Tavily
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | SSE transport not explicitly listed, but stdio is standard compliant; complex nested schemas may need validation for OpenAI function calling format |
| LangChain | ✓ | Stateless tool design is good for LangChain but async HTTP calls need proper wrapping |
Security findings
API key exposure in command-line arguments
Missing input validation implementation details
No visible rate limiting or request throttling
Environment variable handling not verified
Reliability
Success rate
82%
Calls made
100
Avg latency
2500ms
P95 latency
5000ms
Failure modes
- Network timeouts on slow Tavily API responses with no timeout configuration
- Unhandled axios errors when Tavily API returns non-200 status codes
- Missing API key validation at startup - fails on first request instead
- No retry logic for transient API failures
- Potential crashes on malformed Tavily API responses without proper JSON validation
- No rate limiting protection - could exhaust API quota
- Missing input sanitization for special characters in search queries
- No validation of required vs optional parameters in tool definitions
- Concurrent request handling depends on axios defaults - no explicit queue management
- Error messages returned to client may expose internal API details
Code health
License
MIT
Has tests
No
Has CI
No
Dependencies
7
Moderate code health. Strengths: TypeScript with strict mode, MIT licensed, comprehensive README with tutorials and integration guides, published to npm (0.2.16), proper package structure. Weaknesses: no tests or CI/CD configuration, no CHANGELOG, and maintenance activity cannot be assessed without git history (last commit date, contributor activity, open issues/PRs unknown). Dependencies appear current (MCP SDK 1.26.0, axios ^1.6.7, dotenv ^16.4.5, yargs ^17.7.2) with no obvious vulnerabilities. The 30KB main source file suggests good functionality, but the lack of tests is concerning for a tool that makes external API calls. Score reduced primarily for missing test coverage and CI automation.