Perplexity

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Perplexity/OneKey Gateway wrapper. The main caveat is that inputs go to an external service, and requests may use a shared demo key if no user key is set.

Install only if you are comfortable sending queries and prompts to OneKey Gateway and Perplexity. Set your own DEEPNLP_ONEKEY_ROUTER_ACCESS key for private or accountable use, avoid submitting secrets or confidential data, and review the third-party dependencies before using this in a sensitive environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code embeds a default router access key via `os.getenv(..., "BETA_TEST_KEY_MARCH_2026")`, so the script will authenticate to an external service even when no operator-supplied credential is configured. Hardcoded fallback secrets are dangerous because they enable unintended external access, make credential exposure likely if the code is shared, and can let unauthorized users consume a shared account or reach services the user did not explicitly approve.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script loads a router credential from an environment variable but silently falls back to a hardcoded default key, which effectively embeds a usable secret in the skill. If that fallback key is valid, any user or downstream system running the script may gain unauthorized access to the OneKey router, enabling abuse of paid services, impersonation, or access beyond what the skill description justifies.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README explicitly states that if no key is provided, the scripts fall back to a demo key `BETA_TEST_KEY_MARCH_2026`. Embedding or advertising a shared fallback credential encourages unauthenticated or unintended use of a common secret, which can lead to abuse, quota exhaustion, attribution confusion, and accidental dependence on non-user-controlled credentials.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script embeds a default router access credential in code via a fallback environment value, which means the tool may silently authenticate with a shared or unintended secret when no explicit credential is configured. Hardcoded default credentials are dangerous because they can be extracted from source, reused across environments, and cause unauthorized access, billing abuse, or data exposure through the upstream gateway.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool forwards user-supplied payload data, including the required 'messages' field, to a remote API without any disclosure, consent prompt, or data classification guardrail. In an agent-skill context, this is risky because callers may assume local processing and unintentionally transmit sensitive prompts, personal data, internal documents, or secrets to a third-party service.

Missing User Warnings

Low
Confidence
98% confidence
Finding
The script reads a credential from the environment but falls back to a hardcoded default token-like value when the environment variable is absent. Embedding a default secret in code is dangerous because it can become a shared credential across deployments, be harvested from source, and enable unauthorized access to the upstream router service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This script accesses a sensitive router credential and silently falls back to an embedded credential without notifying the user. In a generic tool-wrapper skill, that reduces transparency about authentication context and can cause users to unknowingly operate under the author's or vendor's account, increasing the chance of data leakage, unauthorized billing, and hidden trust boundaries.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script forwards the user-supplied `payload` to an external router with `router.invoke(...)` and provides no visible warning, consent, or filtering. Because the required field is `messages`, the payload is likely conversational content that may contain sensitive prompts or data; sending it off-host without disclosure is a meaningful privacy and data-handling risk, especially in an auto-generated wrapper where users may not expect third-party transmission.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The code forwards the full user-supplied payload to a remote service without any notice, consent prompt, or minimization. In a skill context, this matters because users may assume local processing, while their query or attached fields could contain sensitive or proprietary data that is transmitted externally.

VirusTotal

64/64 vendors flagged this skill as clean.
