File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.js:231
- Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey
Security audit
Security checks across malware telemetry and agentic risk
This YouTube data plugin mostly does what it says, but it also includes under-disclosed tools for retrieving channel email addresses.
Install only if you are comfortable granting this plugin an agntdata API key and allowing agents to retrieve YouTube channel email addresses through agntdata. Treat email lookup as sensitive contact-data access, use it only with authorization, and avoid installing it in contexts where agents may autonomously enrich creators or collect outreach targets.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED] || readAgntConfig()?.apiKey