Back to plugin

Security audit

Ceramic Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web search plugin that sends search queries to Ceramic as expected, but users should understand that installing it routes search traffic and an API key through Ceramic-managed services.

Install only if you are comfortable sending search queries, including rewritten variants, to Ceramic’s service and letting this plugin become the preferred web search path for your agent. Do not search for secrets, private customer data, or regulated information unless Ceramic’s policies and your organization’s rules allow it.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.js:36
Evidence
const apiKey = pluginConfig?.apiKey ?? process.env.CERAMIC_API_KEY ?? "";