native-web-search
Warn
Audited by Socket on May 14, 2026
1 alert found:
AnomalyAnomalysearch.mjs
LOWAnomalyLOW
search.mjs
No clear evidence of classic malware is visible in this module fragment. However, the tool substantially increases supply-chain/side-loading risk by dynamically importing JavaScript modules from filesystem paths influenced by environment variables and heuristic directory probing; if an attacker can control PI_AI_MODULE_PATH/PI_AI_OAUTH_MODULE_PATH or place malicious dist files at probed locations, import-time arbitrary code execution is plausible. Additionally, it refreshes and persists OAuth credentials to auth.json, which raises the impact of any compromise. Otherwise, network calls appear limited to expected upstream LLM/web-search APIs and results are printed to stdout.
Confidence: 60%Severity: 63%
Audit Metadata