ClawHub

Perplexity Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Perplexity/AIsa search helper that sends user-requested queries to the AIsa API using an API key.

Install only if you are comfortable sending search queries and optional system instructions to AIsa/Perplexity using your AISA_API_KEY. Avoid including secrets or sensitive private data in prompts, and consider using a dedicated revocable API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill requires environment access to `AISA_API_KEY` and performs outbound network requests, but it does not declare explicit permissions for those capabilities. This creates a transparency and governance gap: users or orchestrators may invoke the skill without understanding that sensitive prompts and API credentials will be used for external calls.

External Transmission

Medium
Category
Data Exfiltration
Content
--system "Respond in markdown with an executive summary first."
```

## Curl Examples

### Sonar
Confidence
90% confidence
Finding
Curl Examples ### Sonar ```bash curl -X POST "https://api.aisa.one/apis/v1/perplexity/sonar" \ -H "Authorization: Bearer $AISA_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal