Perplexity Research

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Perplexity research skill that uses a declared API key and network access for its stated purpose, with privacy and secret-handling cautions users should understand.

Install only if you are comfortable sending research prompts, pasted context, conversation history, and any optional location fields to Perplexity. Use a dedicated, rotatable API key with spending controls, keep .env files out of source control, avoid sensitive or regulated data unless your policy allows it, and review copied examples before letting them write local report files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill documentation indicates use of environment-based secrets via `PERPLEXITY_API_KEY`, but the skill metadata does not declare corresponding permissions or clearly scope that capability. This can bypass least-privilege expectations and makes secret access harder to review, especially in agent ecosystems where permission declarations are relied on for trust and policy enforcement.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The README says the skill should be used whenever the user requests research, current information, or analysis requiring web search, which is broad enough to match many ordinary prompts. In an agent environment, that can cause over-invocation of an external-search skill and unnecessary disclosure of user prompts or workspace-derived context to a third-party API, especially when a local answer would have been sufficient.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The README describes automatic use of the Perplexity Agent API but does not clearly warn that prompts, research questions, and possibly attached context may be sent to an external service. That omission can lead users or downstream agents to transmit sensitive data without informed consent, which is particularly risky for the investment, market, or proprietary research workflows mentioned in the skill.

Vague Triggers
Severity: Medium
Confidence: 82%
Finding: The description is broad enough to activate on many generic requests involving research, trends, investment insights, or current information. Over-broad triggering can cause unintended invocation of a tool that sends prompts to an external API, increasing the chance of unnecessary data exposure and inappropriate use in contexts where a narrower tool should be chosen.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill prominently advertises web search and Perplexity API use but does not warn that user prompts and conversation content may be transmitted to an external third-party service. In an agent setting, this omission can lead users or orchestrators to pass sensitive data into the skill without informed consent, creating confidentiality, compliance, and data-handling risks.

Missing User Warnings
Severity: Low
Confidence: 87%
Finding: The instructions recommend storing an API key in a local `.env` file without warning about secret hygiene, accidental commits, file permissions, or secure secret storage. While common, this can still lead to credential exposure through source control, shared directories, logs, or misconfigured development environments.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The examples send user-provided queries to an external Perplexity-backed service but do not warn that prompts, contextual data, and possibly sensitive research topics will leave the local environment. In a research skill, network use is expected, but lack of disclosure can still cause unintended sharing of confidential business, personal, or regulated data.

Missing User Warnings
Severity: Low
Confidence: 84%
Finding: The report-generation example writes output to a local path without any prose warning that running it will create or overwrite files on disk. While the code makes the write visible to someone reading the Python carefully, example documentation should still disclose file-system side effects because users may copy-paste snippets without fully auditing them.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The documentation encourages use of web search and optional location context but does not warn that the user's prompt content and precise location metadata may be sent to the external Perplexity API. In a research skill, users may supply sensitive business, personal, or regulated data, so the omission can lead to unintended third-party disclosure and privacy/compliance issues.

Missing User Warnings
Severity: Low
Confidence: 87%
Finding: The setup guidance tells users to export the API key directly in the shell or store it in a .env file without warning about plaintext exposure risks such as shell history, insecure file permissions, accidental commits, or workstation compromise. This is a documentation security weakness rather than an active exploit, but it can still contribute to credential leakage.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: This code sends user queries, and optionally precise location data, to Perplexity's external API via the web_search tool without any explicit user-facing warning, consent check, or privacy notice in the interface. In a research skill, that creates a real privacy risk because users may provide sensitive prompts or location context assuming local-only processing.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: The streaming and conversation methods forward arbitrary user prompts and multi-turn message content to an external provider, but the code does not clearly disclose this behavior to the user. This is dangerous when the tool is used in agent workflows because users may unknowingly submit confidential text, proprietary material, or personal data to a third party.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: Research and preset modes transmit user-supplied content to a third-party API and, in research mode, also invoke web search, yet the code provides no explicit notice or warning about this data flow. Because this skill is specifically designed for deep research on potentially sensitive topics, the lack of disclosure increases the chance of unintended exposure of confidential user input.

VirusTotal

64/64 vendors reported this skill as clean; no vendor flagged it.
