Back to plugin

Security audit

You.com

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal You.com search, research, and content-extraction plugin, and its credential use matches that purpose.

This plugin looks coherent for a You.com integration. If you only need basic search, you may not need to provide an API key; if you enable research or content extraction, expect to provide a You.com YDC_API_KEY. The provided index.ts artifact was truncated, so this assessment is based on the visible source plus tests and metadata rather than the complete runtime file.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:102
Evidence
const apiKey = [REDACTED]?.selectedProvider