Back to plugin

Security audit

Serper Search Provider

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and manifest are consistent with a Serper.dev-backed web-search provider and only require a Serper API key; nothing in the bundle requests unrelated credentials or performs suspicious external calls.

This plugin appears to be what it says: a Serper.dev-backed web search provider. Before installing: (1) Decide whether you trust Serper.dev to receive your search queries (they will be sent to https://google.serper.dev/search). (2) Provide a Serper API key via the plugin config (recommended) or the SERPER_API_KEY env var; prefer plugin-scoped storage and rotate the key if concerned. (3) Confirm the plugin's GitHub origin and review commits if you need extra assurance. Note the plugin can be invoked by agents (default behavior) — if you want to restrict autonomous calls, adjust your agent/plugin invocation policies.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.