Perplexity AI Search - security-hardened version (bash-based)
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: perplexity-safe
Version: 1.0.1

The `scripts/perplexity_search.sh` script is well hardened against command injection and API key exposure: it validates its inputs and handles the credential carefully, as `SKILL.md` claims. However, the bundled `.claude/settings.local.json` grants `WebFetch` permission for `github.com`, `raw.githubusercontent.com`, and `api.github.com`. The script never uses these; it only talks to `api.perplexity.ai`. The grant is therefore capability beyond the skill's stated purpose, and an unexplained permission file in a published bundle is reason to treat the bundle with suspicion until the file is removed or its need is documented.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: the key can authorize billable Perplexity API usage, so misuse or overuse could create charges.
Detail: the script retrieves a Perplexity API key from local configuration or an environment variable and uses it as a bearer token for API requests.
Evidence: `if [[ -n "${PERPLEXITY_API_KEY:-}" ]]; then` ... `echo "$PERPLEXITY_API_KEY"` ... `-H "Authorization: Bearer $API_KEY"`
Recommendation: use a dedicated Perplexity API key, monitor usage and spending, and store the key securely. Note that the `-H` form in the evidence places the key in curl's argument list, which other local users can read from `ps` or `/proc/<pid>/cmdline`; on a shared host, have curl read the header from a mode-0600 config file (`-K`) instead.
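As an added illustration, not the skill's own `scripts/perplexity_search.sh` (whose full source is not on this page), the following POSIX sh sketch shows what the credential handling and request construction behind the claims above look like when done carefully: the key comes from `PERPLEXITY_API_KEY` or a config file, is shape-checked before use, the query reaches python3 through the environment rather than by string interpolation, and curl reads the bearer header from a mode-0600 config file so the key stays out of argv. The config file path, the `sonar` model name, and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the skill's scripts/perplexity_search.sh: what "validates
# inputs" and "handles the credential securely" look like in practice.
set -u

PERPLEXITY_API_URL="https://api.perplexity.ai/chat/completions"

# load_api_key [config_file]: print the key from $PERPLEXITY_API_KEY, else the
# first line of the config file (the default path is an assumption), else fail.
load_api_key() {
    cfg="${1:-${HOME:-}/.config/perplexity/api_key}"
    if [ -n "${PERPLEXITY_API_KEY:-}" ]; then
        printf '%s' "$PERPLEXITY_API_KEY"
        return 0
    fi
    if [ -r "$cfg" ]; then
        key=$(head -n 1 "$cfg")
        [ -n "$key" ] || return 1
        printf '%s' "$key"
        return 0
    fi
    return 1
}

# validate_key KEY: accept one run of token characters, at least 20 long.
# Spaces, quotes, newlines and shell metacharacters are refused, so a tampered
# config file cannot push anything unexpected into a header or a log line.
validate_key() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -ge 20 ]
}

# build_body QUERY [SYSTEM_PROMPT]: print the JSON request body. The text
# reaches python3 through the environment, never through the python source or
# a shell string, so quotes and braces in a query cannot change the structure.
# The model name is an assumed value.
build_body() {
    PPLX_QUERY="$1" PPLX_SYSTEM="${2:-}" python3 -c '
import json, os
msgs = []
if os.environ["PPLX_SYSTEM"]:
    msgs.append({"role": "system", "content": os.environ["PPLX_SYSTEM"]})
msgs.append({"role": "user", "content": os.environ["PPLX_QUERY"]})
print(json.dumps({"model": "sonar", "messages": msgs}))
'
}

# perplexity_post KEY BODY: POST the body. curl reads the Authorization header
# from a 0600 temp config file (-K), so the key never appears in curl's argv,
# which other local users could read via ps or /proc/<pid>/cmdline.
perplexity_post() {
    key="$1"; body="$2"
    validate_key "$key" || { echo "refusing malformed API key" >&2; return 2; }
    cfg=$(mktemp) || return 2
    chmod 600 "$cfg"
    printf 'header = "Authorization: Bearer %s"\n' "$key" > "$cfg"
    printf '%s' "$body" | curl -sS --fail -X POST "$PERPLEXITY_API_URL" \
        -K "$cfg" -H 'Content-Type: application/json' --data-binary @-
    rc=$?
    rm -f "$cfg"
    return "$rc"
}

# perplexity_search QUERY [SYSTEM_PROMPT]: end-to-end wrapper.
perplexity_search() {
    key=$(load_api_key) || { echo "no Perplexity API key configured" >&2; return 2; }
    body=$(build_body "$1" "${2:-}") || return 2
    perplexity_post "$key" "$body"
}

# Usage after sourcing this file (needs network access and a real key):
#   perplexity_search 'your question here' 'optional system prompt'
```

The `case` pattern in `validate_key` is the whole input check: it rejects an empty string, a newline, or any character outside the token alphabet without spawning a process, and the length bound catches truncated files. A real key still never reaches the screen; only its validity does.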
Risk: search queries leave the local environment and are processed by Perplexity, which may matter for private or sensitive questions.
Detail: user queries, and any optional system prompt, are sent to the Perplexity API as part of the intended search workflow. The message list is assembled in Python (hence the python3 dependency) and posted with curl.
Evidence: `PERPLEXITY_API_URL="https://api.perplexity.ai/chat/completions"` ... `messages.append({"role": "user", "content": query})` ... `curl -s -X POST "$PERPLEXITY_API_URL"`
Recommendation: avoid sending secrets, confidential documents, or sensitive personal data in queries unless Perplexity's terms and privacy handling are acceptable.
Risk: a user may not realize before reading SKILL.md that the skill needs bash, curl, python3, and a Perplexity API key.
Detail: the registry metadata does not declare the practical dependencies and credential setup that the skill documentation describes.
Evidence: `Required binaries (all must exist): none` ... `Required env vars: none` ... `Primary credential: none`
Recommendation: update the metadata to declare the external API credential (`PERPLEXITY_API_KEY`) and the runtime dependencies (bash, curl, python3) so installation expectations are clear.
Risk: this may grant extra web-fetch permissions unrelated to the skill's documented Perplexity workflow.
Detail: the package includes a local permission settings file, `.claude/settings.local.json`, allowing `WebFetch` to three GitHub domains. The Perplexity API search purpose does not explain this, and nothing in the script contacts those hosts.
Evidence: `"allow": ["WebFetch(domain:github.com)", "WebFetch(domain:raw.githubusercontent.com)", "WebFetch(domain:api.github.com)"]`
Recommendation: remove the `.claude/settings.local.json` file from the published skill unless GitHub WebFetch access is intentionally required and documented. A `settings.local.json` holds a developer's per-checkout permission grants and rarely belongs in a published bundle.
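The check behind this item can be automated. The following POSIX sh helper is an added example, not ClawScan's own scanner nor anything shipped with the skill: it lists the hosts a bundle's scripts reference, lists the domains its `.claude/settings.local.json` allows for `WebFetch`, and prints the allowances no script uses. The sample bundle it builds is constructed from the evidence quoted in this review; the surrounding `permissions` object in the settings file and the function names are assumptions.

```shell
#!/bin/sh
# Added audit helper, not part of ClawScan or the perplexity-safe skill:
# compare the WebFetch domains a bundle's .claude/settings.local.json allows
# with the hosts its scripts actually reference, and print the excess.
set -u

# script_hosts DIR: hostnames of every http(s) URL under DIR, one per line.
script_hosts() {
    grep -rhoE 'https?://[A-Za-z0-9.-]+' "$1" 2>/dev/null \
        | sed -E 's#^https?://##' | sort -u
}

# allowed_webfetch_hosts FILE: domains named by WebFetch(domain:...) entries.
# A text match rather than a JSON parse, so it needs only grep and sed; it
# would also pick entries out of a "deny" list, which is acceptable for an
# audit that asks which hosts a settings file mentions at all.
allowed_webfetch_hosts() {
    grep -oE 'WebFetch\(domain:[^)]+\)' "$1" 2>/dev/null \
        | sed -E 's/^WebFetch\(domain:(.*)\)$/\1/' | sort -u
}

# unused_allowances SCRIPTS_DIR SETTINGS_FILE: allowed hosts that no script
# references. comm needs sorted input, which the helpers above guarantee.
unused_allowances() {
    a="${TMPDIR:-/tmp}/allowed.$$"; u="${TMPDIR:-/tmp}/used.$$"
    allowed_webfetch_hosts "$2" > "$a"
    script_hosts "$1" > "$u"
    comm -23 "$a" "$u"
    rm -f "$a" "$u"
}

# make_sample_bundle: build a constructed skill layout in a temp dir that
# mirrors the evidence quoted in this review; prints the directory path.
# The "permissions" wrapper object is an assumption about the file layout.
make_sample_bundle() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/scripts" "$d/.claude"
    cat > "$d/scripts/perplexity_search.sh" <<'EOF'
#!/usr/bin/env bash
PERPLEXITY_API_URL="https://api.perplexity.ai/chat/completions"
curl -s -X POST "$PERPLEXITY_API_URL" -H "Authorization: Bearer $API_KEY"
EOF
    cat > "$d/.claude/settings.local.json" <<'EOF'
{
  "permissions": {
    "allow": [
      "WebFetch(domain:github.com)",
      "WebFetch(domain:raw.githubusercontent.com)",
      "WebFetch(domain:api.github.com)"
    ]
  }
}
EOF
    printf '%s' "$d"
}

# Usage against a real bundle:
#   unused_allowances ./skill/scripts ./skill/.claude/settings.local.json
# Against the constructed sample, the three GitHub hosts are reported and
# api.perplexity.ai (used by the script, not in the allow list) is not.
```

An empty result from `unused_allowances` is the expected state for a bundle whose permission file matches its code; any host it prints is either an undocumented capability or dead configuration, and both deserve a question to the author.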
