perplexity

SUSPICIOUS. The skill's purpose is plausible and the install path is an official npm package, so this is not confirmed malware. However, the actual integration is a Membrane-mediated proxy model: authentication, credential storage/refresh, and Perplexity actions are routed through a third-party platform rather than Perplexity's first-party API, which creates meaningful credential-forwarding and data-flow risk beyond the stated 'Perplexity integration' framing.