Parallel AI Skill
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: parallel-ai
Version: 1.0.1
The skill is classified as suspicious due to two significant vulnerabilities. The `scripts/parallel.sh` file contains a shell injection vulnerability where user input is directly embedded into a `curl -d` command without proper sanitization, potentially allowing arbitrary command execution. Additionally, `scripts/search.py` includes a hardcoded API key as a fallback value (`y2s_m4er5i6-5qCikOLUtmnkvOYRU24eDphq_jg1`), which is a critical security flaw exposing a secret. While these are serious flaws, they do not demonstrate intentional malicious design by the skill itself, but rather vulnerabilities that could be exploited.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches may run under a shared or publisher-controlled Parallel.ai credential, making billing, quota, audit ownership, and credential exposure unclear.
The search script falls back to an embedded provider API key instead of requiring a user-controlled credential, despite the registry metadata declaring no primary credential or required environment variable.
`API_KEY = os.environ.get("PARALLEL_API_KEY", "y2s_m4er5i6-...")`
Remove the embedded key, rotate it if it is real, require users to provide their own PARALLEL_API_KEY, and declare that credential in the metadata.
A monitor could continue running on the external service after the initial task, potentially generating costs or sending monitored results to a webhook until it is deleted.
The script can create recurring external monitors and optional webhooks, but this persistent behavior is not described in SKILL.md or README.md.
Parallel.ai Monitor API - Continuous web tracking with alerts ... create "Track AI funding news" --cadence daily ... --webhook https://...
Document monitor creation prominently, require explicit user confirmation before creating webhooks or recurring monitors, and provide clear list/delete guidance.
Authenticated browsing tasks may share a BrowserUse credential and task context across external services, with unclear boundaries for what pages or sessions can be accessed.
When a BrowserUse key is present, the task script builds a remote MCP server configuration with a bearer token and sends it as part of the Parallel task request, which is not covered by the main skill documentation.
`browseruse_key = args.browseruse_key or os.environ.get("BROWSERUSE_API_KEY") ... "url": "https://api.browser-use.com/mcp", "headers": {"Authorization": f"Bearer {browseruse_key}"}`
Clearly document the BrowserUse/MCP data flow, require explicit opt-in for authenticated browsing, and explain which credentials are sent to which service.
The installed SDK version may vary over time, and users must trust the package source they install from.
The setup uses an external, unpinned Python package and there is no install spec or lockfile in the provided artifacts; this is common for SDK wrappers but leaves dependency provenance/versioning to the user.
pip install parallel-web
Pin dependency versions, provide an install spec or requirements file, and document required binaries and environment variables.
