Back to plugin

Security audit

You.com

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate You.com search, research, and content-extraction plugin, with only minor metadata and completeness caveats.

If you install this, expect it to contact You.com APIs and to use a You.com API key if you want research or content extraction features. The visible behavior is coherent with the description. For higher confidence, review the full untruncated index.ts from the official youdotcom-oss/agent-skills source, since the provided report truncated part of the main runtime file.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:102
Evidence
const apiKey = [REDACTED]?.selectedProvider