File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.ts:102
- Evidence
const apiKey = [REDACTED]?.selectedProvider
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a legitimate You.com search, research, and content-extraction plugin, with only minor metadata and completeness caveats.
If you install this, expect it to contact You.com APIs and to use a You.com API key if you want research or content extraction features. The visible behavior is coherent with the description. For higher confidence, review the full untruncated index.ts from the official youdotcom-oss/agent-skills source, since the provided report truncated part of the main runtime file.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED]?.selectedProvider