Perplexity Search Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: perplexity-search-skill
Version: 1.0.0

The skill is designed for web searching via the Perplexity API, demonstrating strong security practices. It securely handles the API key by loading it from environment variables, performs input validation on parameters, and sanitizes all output to prevent terminal injection. The Python script uses only standard libraries, eliminating supply chain risks, and includes robust error handling with network timeouts. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the OpenClaw agent in any of the analyzed files (SKILL.md, scripts/search.py, README.md, SECURITY_AUDIT.md).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches run under the user's Perplexity account and may consume API quota or incur usage-based charges.
The script reads the user's Perplexity API key from the environment and uses it as a bearer token for API requests. This is expected for the stated search purpose, but it is still account-authorized access.
api_key = os.environ.get("PERPLEXITY_API_KEY") ... "Authorization": f"Bearer {api_key}"
Use a dedicated or revocable Perplexity API key if possible, store it securely, and monitor Perplexity API usage.
Search terms may reveal interests, research topics, or business context to the Perplexity API provider.
The user's search query is sent to Perplexity's external API. This is central to the skill's purpose and is clearly disclosed, but it creates an external data flow.
url = "https://api.perplexity.ai/search" ... payload = {"query": query, "max_results": min(max(count, 1), 10)}
Avoid putting secrets or highly sensitive private information into search queries, and review Perplexity's data handling terms if that matters for your use case.
