raycast-extensions
Warn
Audited by Socket on Jun 30, 2026
1 alert found:
AnomalyAnomalyevals/fixtures/dictionary-flawed/src/search.tsx
LOWAnomalyLOW
evals/fixtures/dictionary-flawed/src/search.tsx
No direct indicators of malware behavior are present in this fragment (no obfuscation, dynamic execution, persistence, or covert exfiltration beyond the intended API call). The primary security issue is credential/secret exposure: the API key is hardcoded in client-side code and is transmitted in the URL query string, which can be leaked through bundling/repositories, logs, proxies, and other request metadata. Additionally, the user input is interpolated into the URL without URL encoding, which is a security hygiene and reliability concern. Overall, treat this as a credential-handling risk rather than a malicious payload.
Confidence: 78%Severity: 63%
Audit Metadata