Perplexity Pro Openclaw
MaliciousAudited by ClawScan on May 10, 2026.
Overview
This skill is explicitly built to evade Cloudflare/bot protections while keeping a persistent authenticated browser session, and its VNC/session setup is unsafe for user accounts.
Avoid installing this skill on any account or machine you care about. Its primary function is to bypass bot protections, and it requires a persistent logged-in browser exposed through risky VNC/browser automation. If you still evaluate it, use an isolated disposable server and account, bind VNC to localhost through SSH, change all default passwords, and delete the browser profile when finished.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your account could be used for automated activity on a protected service, which may violate service rules, trigger blocking, or create account-risk exposure.
The core advertised capability is evading a third-party anti-bot/security control while using an authenticated user session.
This skill enables OpenClaw to search Perplexity PRO with persistent authenticated sessions, bypassing Cloudflare protection through undetectable browser automation.
Do not install tools whose purpose is to bypass Cloudflare or bot protections; prefer an official Perplexity API or another authorized integration.
Anyone who can reach the server may be able to attempt remote desktop access to the browser session and the logged-in account.
The documented VNC setup listens on all network interfaces, keeps running, and uses a public default password in the setup example.
x11vnc -display :99 -rfbauth /tmp/vncpass -listen 0.0.0.0 -xkb -forever -shared ... Password: openclaw
Do not expose VNC publicly; if used at all, bind it to localhost, require a strong unique password, use an SSH tunnel, and firewall the port.
The OpenClaw environment and any process that can access the browser profile may be able to reuse your Google/Perplexity session.
The skill asks the user to authenticate with a full Google account and then retain that authenticated session for future automated use.
Use your actual Google password (not App Password) ... Session persists permanently!
Avoid entering a primary Google account into this setup; use official scoped credentials where available, or at minimum use a dedicated account on an isolated machine.
Future agent tasks or local compromise could reuse the same authenticated browser state, and sensitive session data may remain after the intended task ends.
The launcher stores persistent browser state under the OpenClaw home directory and configures Chrome to use a basic password store, making long-lived cookies/session data available across runs.
PROFILE_DIR="${HOME}/.openclaw/browser-profile" ... --user-data-dir=${PROFILE_DIR} ... --password-store=basicUse a dedicated disposable profile and account, restrict file permissions, avoid saving passwords, and provide a clear logout/delete-profile cleanup path.
An authenticated automated browser may remain active after the user’s immediate task, increasing exposure if the host or profile is later accessed.
The script launches long-running Xvfb and Chrome processes in the background and exits after confirming Chrome is reachable, without a paired shutdown or containment workflow.
Xvfb ${XVFB_DISPLAY} -screen 0 1920x1080x24 ... & ... google-chrome ... > "${LOG_FILE}" 2>&1 &Require explicit start/stop controls, document cleanup commands, and avoid leaving authenticated browser automation running unattended.
Users must trust and correctly perform privileged system changes outside the registry’s declared requirements.
The privileged install steps are purpose-aligned for this browser automation setup, but they are manual, privileged, and not represented by an install spec or checksum-pinned package flow.
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb sudo dpkg -i google-chrome-stable_current_amd64.deb sudo apt-get install -y Xvfb x11vnc
Verify package sources, prefer distribution-managed packages where possible, and review privileged install commands before running them.