Is haru3613/perplexity-safe safe?

https://github.com/openclaw/skills/tree/main/skills/haru3613/perplexity-safe

90
SAFE

This is a legitimate security-hardened wrapper for the Perplexity API that includes comprehensive input validation and secure credential handling. The skill transmits user queries to Perplexity's servers as intended functionality, but implements proper security controls to prevent command injection and protect API keys.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM External API Data Transmission -20

The skill transmits user search queries to Perplexity's external API servers. While this is the intended functionality, it means user data leaves the local system and could be logged or processed by the external service.

LOW Executable Bash Script -15

The skill includes an executable bash script that runs with user permissions. However, the script is well-written with comprehensive security controls including input validation, allowlists, and secure credential handling.

INFO API Key and Cost Implications -15

The skill requires a Perplexity API key and usage incurs costs. Users should be aware of potential charges and secure their API keys appropriately.