Security audit
Serper Search Provider
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, instructions, and manifest are consistent with a Serper.dev-backed web-search provider and only require a Serper API key; nothing in the bundle requests unrelated credentials or performs suspicious external calls.
This plugin appears to be what it says: a Serper.dev-backed web search provider. Before installing: (1) Decide whether you trust Serper.dev to receive your search queries (they will be sent to https://google.serper.dev/search). (2) Provide a Serper API key via the plugin config (recommended) or the SERPER_API_KEY env var; prefer plugin-scoped storage and rotate the key if concerned. (3) Confirm the plugin's GitHub origin and review commits if you need extra assurance. Note the plugin can be invoked by agents (default behavior) — if you want to restrict autonomous calls, adjust your agent/plugin invocation policies.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
