raycast-extensions

Warn

Audited by Socket on Jun 30, 2026

1 alert found:

Anomaly
AnomalyLOW
evals/fixtures/dictionary-flawed/src/search.tsx

No direct indicators of malware behavior are present in this fragment (no obfuscation, dynamic execution, persistence, or covert exfiltration beyond the intended API call). The primary security issue is credential/secret exposure: the API key is hardcoded in client-side code and is transmitted in the URL query string, which can be leaked through bundling/repositories, logs, proxies, and other request metadata. Additionally, the user input is interpolated into the URL without URL encoding, which is a security hygiene and reliability concern. Overall, treat this as a credential-handling risk rather than a malicious payload.

Confidence: 78%Severity: 63%
Audit Metadata
Analyzed At
Jun 30, 2026, 04:41 PM
Package URL
pkg:socket/skills-sh/connorads%2Fdotfiles%2Fraycast-extensions%2F@e0a8712bd4b80b9571530b525e274c027467a6194f4ab84c3334261f99674e9c
Security Audit — socket — raycast-extensions