Perplexity

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Perplexity API helper, and the only negative signal is inconsistent action documentation rather than hidden or harmful behavior.

Before installing, confirm you are comfortable sending chat prompts and embedding inputs to Perplexity under your API key. The publisher should fix the action documents so they accurately describe whether these calls persist or mutate remote state, but the provided evidence does not justify treating the skill as harmful.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The documentation misclassifies a chat completion call as a write action that changes Perplexity state, which can mislead an agent or operator into applying the wrong trust and confirmation model. In a tool-using agent context, incorrect side-effect labeling is security-relevant because action classification often drives approval flows, execution policy, and user consent behavior.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The inline warning says the action changes state, but the rest of the file describes only generation of a completion response, creating contradictory safety semantics. Such inconsistency can cause overblocking, user confusion, or flawed automation decisions, and in agent ecosystems any mismatch between documented effects and actual effects is a meaningful security/control integrity issue.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The documentation for an embeddings-generation action incorrectly labels it as a write action that changes Perplexity state. This can mislead an agent into applying unnecessary confirmation logic or, more importantly, distort trust boundaries around what the action actually does, increasing the chance of unsafe orchestration and operator confusion.

Intent-Code Divergence

High
Confidence: 96%
Finding
The inline note directly contradicts the action's stated purpose by asserting that creating embeddings changes Perplexity state. Contradictory operational guidance in skill docs is dangerous because agents may rely on these cues for policy decisions, causing incorrect execution behavior, degraded safety checks, or improper user consent handling.

VirusTotal

47/47 vendors flagged this skill as clean.
