Back to plugin

Security audit

Baidu Search Plugins

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward Baidu search plugin that only needs a Baidu API key and sends search requests to the configured Baidu search endpoint.

This plugin looks internally consistent with its stated purpose. Before installing, make sure you are comfortable providing a Baidu API key and sending your search queries to Baidu. Leave `baseUrl` set to the documented Baidu endpoint unless you specifically trust an alternative endpoint, because the plugin will send the API key there.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:55
Evidence
...process.env

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:58
Evidence
env.BAIDU_API_KEY = [REDACTED]();