Back to plugin

Security audit

Openclaw Youdotcom

Security checks across malware telemetry and agentic risk

Overview

This appears to do what it says: provide You.com web search, research, and page-content extraction, with only minor metadata/documentation inconsistencies.

This skill looks internally coherent for a You.com search/research/content-extraction plugin. If you install it, expect it to use or request a You.com API key for research and content extraction, while basic search may work without one. The main caveat is that the provided index.ts content was truncated and the external @youdotcom-oss/api dependency was not shown, so review the full source/dependency if you need higher assurance.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:102
Evidence
const apiKey = [REDACTED]?.selectedProvider