Integrate You.com web tools with Vercel AI SDK

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package adds third-party code to the user's project.

Why it was flagged

The skill directs installation of an external package without a pinned version. This is expected for an SDK integration guide, but users should recognize it as a supply-chain dependency.

Skill content

npm install @youdotcom-oss/ai-sdk-plugin
# or bun add @youdotcom-oss/ai-sdk-plugin
# or yarn add @youdotcom-oss/ai-sdk-plugin
# or pnpm add @youdotcom-oss/ai-sdk-plugin

Recommendation

Install from the official package source, review the package/version, and pin or lock dependencies in the project as appropriate.

What this means

The integration will use a You.com API key to access You.com services.

Why it was flagged

The skill requires or guides use of a You.com API key, even though the registry metadata lists no required env vars or primary credential. This credential use is purpose-aligned for You.com tools.

Skill content

Using standard `YDC_API_KEY`? ... Have they set it in their environment? ... Guide them to get key from https://you.com/platform/api-keys

Recommendation

Store the API key in environment variables or a secret manager, avoid committing it to source code, and scope/rotate the key according to You.com's guidance.

What this means

The user's application source code may be changed to add You.com tools.

Why it was flagged

The skill instructs the agent to modify project files, but it first asks whether files are existing or new and which files/tools to use, making the mutation user-directed and aligned with the integration purpose.

Skill content

Update/Create Files ... Add import for selected tools ... Add selected tools to tools object

Recommendation

Review generated diffs before committing, and test the integration in a development branch before deploying.

What this means

User prompts or derived search/content-extraction requests may leave the application and be processed by You.com and the selected model provider.

Why it was flagged

The integration adds external You.com tools to AI SDK calls. This is the stated purpose, but prompts and tool queries may be sent to external providers.

Skill content

tools: { search: youSearch() }, ... prompt: 'What are the latest AI developments?'

Recommendation

Avoid sending secrets or regulated data in prompts unless the application's privacy and provider agreements allow it.