perplexity

SUSPICIOUS. The skill is broadly coherent as a Perplexity integration, and its install path uses an official npm package rather than an opaque binary. However, all auth and API traffic are routed through Membrane’s third-party platform and proxy instead of directly to Perplexity’s official API, creating a meaningful data-flow and credential-custody risk that is larger than a direct integration. This looks like a legitimate but higher-trust intermediary design, not confirmed malware.