Perplexity
v0.1.0Auto-generated skill for perplexity tools via OneKey Gateway.
⭐ 0· 105·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Perplexity via OneKey Gateway) match the code and runtime instructions: the scripts call a OneKeyAgentRouter and invoke perplexity_* APIs. However, registry metadata at the top of the report claimed 'Required env vars: none' while the SKILL.md and the scripts require DEEPNLP_ONEKEY_ROUTER_ACCESS — an inconsistency you should be aware of.
Instruction Scope
SKILL.md instructs the agent to use the DEEPNLP_ONEKEY_ROUTER_ACCESS key and the included CLI/python scripts accept JSON payloads and forward them to OneKey Gateway. The runtime instructions and scripts do not attempt to read unrelated system files or extra environment variables. Important privacy note: payloads (messages, queries) are sent to a remote service; the scripts default to a shared demo key (BETA_TEST_KEY_MARCH_2026) if you don't set your own key, which may expose your inputs to a shared/demo account.
Install Mechanism
Installation is via public package managers (npm -g install @aiagenta2z/onekey-gateway and pip install ai-agent-marketplace) as declared in SKILL.md. There is no custom download-from-URL or archive extraction. Installing packages from npm/PyPI runs third-party code — normal but requires trusting those packages. Also note: the registry metadata earlier said 'No install spec' while SKILL.md contains install commands—another small inconsistency.
Credentials
The single required credential (DEEPNLP_ONEKEY_ROUTER_ACCESS) is proportional to the skill's purpose (a gateway API key). The concern is the fallback demo key hardcoded in scripts: if users do not set their own key, their inputs will be routed through a shared/demo account. That is a privacy/exfiltration risk for sensitive data, not an indicator of unrelated credential access.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and is user-invocable with normal autonomous invocation allowed. No elevated persistence privileges are requested.
Assessment
This skill appears to do what it claims (wrap Perplexity tools via OneKey Gateway), but take these precautions before installing:
- Provide your own DEEPNLP_ONEKEY_ROUTER_ACCESS key (do not rely on the demo fallback key), because any data you send will be forwarded to the remote gateway and could be exposed if the demo key is used.
- Review and vet the two third-party packages (ai-agent-marketplace on PyPI and @aiagenta2z/onekey-gateway on npm). Installing packages executes their code on your system.
- Note the small inconsistencies in metadata (the registry listed no required env/install but SKILL.md does). Confirm the expected environment variables and install steps with the skill author or documentation.
- Avoid sending highly sensitive secrets or personal data through the skill unless you trust the OneKey Gateway provider and have an account/key configured.
If you want higher assurance, request the publisher/source identity and independently inspect the referenced packages (and the OneKey Gateway docs) before enabling this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk978y3m51ar8gg85bs327nwg8h83d2gw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.