ClawHub

Perplexity Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Perplexity search helper that sends user-provided prompts to AIsa using a disclosed API key.

Install only if you intend to use AIsa as a gateway to Perplexity. Avoid submitting secrets, personal data, proprietary code, regulated data, or confidential internal context unless sharing it with that external API is allowed, and keep AISA_API_KEY in a secure environment or secret manager rather than hardcoding it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly requires network access and use of an environment-stored API key, but the documentation does not declare permissions or prominently warn that user prompts will be transmitted to an external service. In agent ecosystems that rely on declared permissions for user consent and policy enforcement, this mismatch can lead to unintended outbound data sharing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section encourages sending user queries to AIsa/Perplexity but does not warn that the query contents leave the local environment and may contain sensitive or regulated information. The dangerous aspect is privacy leakage through normal use rather than code execution; users may unknowingly transmit confidential prompts, documents, or internal context to a third party.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill requires an API key but does not provide handling guidance, increasing the risk that users expose the credential in shell history, logs, screenshots, or by hardcoding it into commands. While the markdown itself does not exfiltrate the key, poor secret-handling guidance around required credentials is a legitimate security weakness.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal