File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.ts:102
- Evidence
const apiKey = [REDACTED]?.selectedProvider
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a normal You.com search, research, and content-extraction plugin, and its credential use matches that purpose.
This plugin looks coherent for a You.com integration. If you only need basic search, you may not need to provide an API key; if you enable research or content extraction, expect to provide a You.com YDC_API_KEY. The provided index.ts artifact was truncated, so this assessment is based on the visible source plus tests and metadata rather than the complete runtime file.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED]?.selectedProvider