Perplexity Search Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill transparently performs Perplexity web searches using an API key; the provided code matches that purpose and shows no hidden file access, persistence, or unrelated endpoints.
This looks safe to install if you want Perplexity-powered web search. Be aware that searches are sent to Perplexity and may consume API quota or incur cost, so do not include secrets or confidential information in queries unless that is acceptable.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Searches can use the user's Perplexity account quota or billing through the provided API key.
The skill requires and uses a Perplexity API credential. This is expected for the stated integration and there is no evidence the key is printed or sent elsewhere, but it is still account-bound authority.
key = os.environ.get("PERPLEXITY_API_KEY", "").strip() ... "Authorization": f"Bearer {api_key}"Use a dedicated Perplexity API key if possible, keep it out of prompts and shared files, and monitor usage or costs.
Any sensitive information included in a search query may be transmitted to Perplexity as part of the API request.
The user's search query is sent to an external provider endpoint. This is clearly disclosed and central to the skill's purpose, but it means query text leaves the local agent environment.
API_URL = "https://api.perplexity.ai/chat/completions" ... {"role": "user", "content": args.query.strip()}Avoid putting secrets, private documents, or confidential business details into search queries unless you are comfortable sending them to Perplexity.