Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- index.js:36
- Evidence
const apiKey = pluginConfig?.apiKey ?? process.env.CERAMIC_API_KEY ?? "";
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent web search plugin that sends search queries to Ceramic as expected, but users should understand that installing it routes search traffic and an API key through Ceramic-managed services.
Install only if you are comfortable sending search queries, including rewritten variants, to Ceramic’s service and letting this plugin become the preferred web search path for your agent. Do not search for secrets, private customer data, or regulated information unless Ceramic’s policies and your organization’s rules allow it.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
const apiKey = pluginConfig?.apiKey ?? process.env.CERAMIC_API_KEY ?? "";