Echo - OpenClaw Perplexity Ultimate Async Deep Researcher

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

On first use, the agent may download and install a Python dependency, which could affect the execution environment and inherits normal package-supply-chain risk.

Why it was flagged

The skill auto-installs an unpinned Python package at runtime if the import fails. This is disclosed and related to the skill’s purpose, but it relies on external package provenance and can modify the local Python environment.

Skill content

subprocess.check_call([sys.executable, "-m", "pip", "install", "perplexityai", "-q"])

Recommendation

Prefer running this in a sandbox or virtual environment, and consider pre-installing a reviewed, pinned version of the Perplexity SDK.

What this means

The agent will execute a local Python script to perform searches, so the runtime environment needs appropriate sandboxing and network controls.

Why it was flagged

The skill’s core workflow requires local Python execution. This is clearly disclosed and aligned with performing async API searches, but users should notice that it is not a purely prompt-only workflow.

Skill content

You must use your code execution tool (Python) to run the exact script below.

Recommendation

Use the skill only in an environment where Python execution and outbound API access are acceptable.

What this means

Research requests may consume Perplexity API quota or incur provider-side usage under the configured key.

Why it was flagged

The skill uses the user’s Perplexity API key to make provider calls. This is expected for the integration and there is no evidence of hardcoding, logging, or sending the key elsewhere.

Skill content

client = AsyncPerplexity(
    api_key=os.environ.get("PERPLEXITY_API_KEY"),
)

Recommendation

Use a dedicated Perplexity API key with appropriate limits and monitor usage.

What this means

Search-result snippets can influence the final answer, so inaccurate or adversarial web content could affect the report.

Why it was flagged

The workflow feeds external web snippets into the agent’s synthesis step. This is central to a web research skill, but retrieved web content is untrusted and may be incomplete or misleading.

Skill content

Read the JSON output generated by the python script.

Synthesize the raw text snippets into a comprehensive, well-structured markdown report

Recommendation

Verify important claims against the cited sources and avoid treating retrieved snippets as instructions to the agent.