Perplexity Wrapped Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Perplexity web-search skill with expected external API use and no evidence of hidden persistence, local data scraping, or destructive behavior.

Install only if you are comfortable sending search queries and optional agentic instructions to Perplexity, with agentic mode potentially using third-party model providers and web/fetch tools. Use a dedicated API key, monitor costs, avoid secrets or confidential data in queries, and prefer the default wrapped output when another agent will consume results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium | Confidence: 88%
Finding
The skill metadata/description says all responses are wrapped in untrusted-content boundaries for security, but the documentation later states that `--json` emits raw unwrapped output. This inconsistency can cause downstream agents or users to overtrust the safety guarantees and accidentally consume attacker-controlled web/model output without the documented isolation boundary.

Intent-Code Divergence

Severity: Medium | Confidence: 97%
Finding
The tool explicitly documents a `--json` mode that emits raw API responses, bypassing the boundary markers and warning text used elsewhere to frame web content as untrusted. If downstream agents or users rely on the skill description/help text to assume all output is wrapped, malicious prompt-injection content from search results or model output could be consumed as trusted instructions.

Description-Behavior Mismatch

Severity: Medium | Confidence: 98%
Finding
The skill metadata/help imply that responses are security-wrapped, but the implementation includes a documented `--json` path that returns unwrapped external content. This mismatch creates a trust-boundary failure: integrators may build automation assuming all outputs are safely delimited, enabling prompt-injection or instruction-confusion when raw content is passed through.

Missing User Warnings

Severity: Medium | Confidence: 80%
Finding
The documentation explains API key setup but does not clearly warn that user queries and possibly fetched content are transmitted to Perplexity and, in agentic mode, to third-party model providers and tool backends. In an agent skill, this omission can lead users or higher-level agents to send sensitive prompts, credentials, or proprietary data to external services without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.