Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- index.ts:55
- Evidence
...process.env
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a straightforward Baidu search plugin that only needs a Baidu API key and sends search requests to the configured Baidu search endpoint.
This plugin looks internally consistent with its stated purpose. Before installing, make sure you are comfortable providing a Baidu API key and sending your search queries to Baidu. Leave `baseUrl` set to the documented Baidu endpoint unless you specifically trust an alternative endpoint, because the plugin will send the API key there.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
...process.env
env.BAIDU_API_KEY = [REDACTED]();