File appears to expose a hardcoded API secret or token.
- Code
- suspicious.exposed_secret_literal
- Location
- index.ts:102
- Evidence
const apiKey = [REDACTED]?.selectedProvider
Security audit
Security checks across malware telemetry and agentic risk
This appears to do what it says: provide You.com web search, research, and page-content extraction, with only minor metadata/documentation inconsistencies.
This skill looks internally coherent for a You.com search/research/content-extraction plugin. If you install it, expect it to use or request a You.com API key for research and content extraction, while basic search may work without one. The main caveat is that the provided index.ts content was truncated and the external @youdotcom-oss/api dependency was not shown, so review the full source/dependency if you need higher assurance.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED]?.selectedProvider