A researcher auditing Perplexity Computer found endpoint addresses and active API tokens exposed in a .npmrc file, which allowed external Claude Code model calls that initially appeared unbilled. Perplexity revoked the tokens to protect the user after explaining the credentials are short-lived, session-bound, and billed to individual accounts, while the researcher warns this design enables token theft via prompt injection and could cause large unexpected charges. #PerplexityComputer #ClaudeCode
Keypoints
- A security audit revealed endpoint addresses and active API tokens stored in a .npmrc file within Perplexity Computer.
- The leaked tokens were usable externally to make Claude Code model calls that did not immediately appear on billing records.
- Perplexity revoked the tokens and clarified they are short-lived, session-specific, and billed to the associated user account.
- The apparent “unlimited” access was caused by asynchronous billing delays, not an actual lack of metering.
- The researcher warns that prompt-injection extraction of session tokens is a critical design flaw that could impose large unforeseen charges on victims.