Perplexity Search

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Perplexity/AIsa search helper that sends user queries to an external API using the user's AISA API key.

Install this only if you intend to use AIsa/Perplexity through your own AISA_API_KEY. Use a dedicated key where possible, monitor any quota or billing impact, and avoid sending secrets, regulated data, or proprietary internal material in queries or optional system messages unless external processing by api.aisa.one is acceptable for your use case.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill declares that it requires environment access and makes outbound network requests, but it does not declare explicit permissions despite those capabilities being central to its operation. This can weaken platform-level consent and review controls, making it easier for secrets like AISA_API_KEY and user-provided queries to be transmitted externally without a clear permission boundary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal