Removed from Marketplace
Flags items that have been removed or delisted from the marketplace, potentially due to security vulnerabilities, or malicious behavior. Such extensions pose a risk as they are no longer maintained or patched.
high
Findings
Unverified Publisher
Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.
medium
Auto-Installs Additional Extensions
Flags items that automatically install additional extensions as part of their installation. While this is a common way to distribute curated toolsets, it results in other extensions being installed silently - bypassing individual policy evaluation and running code the user never explicitly chose to install.
medium
All findings are available for Enterprise users
Code analysis
AI-powered analysis of the extension's source code for security insights and risk assessment.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
CODE INSIGHTS ARE AVAILABLE FOR ENTERPRISE USERS
API Calls
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
API CALLS ARE AVAILABLE FOR ENTERPRISE USERS
Secrets
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
SECRETS ARE AVAILABLE FOR ENTERPRISE USERS
Vulnerabilities
Known vulnerabilities and security issues detected in the extension's dependencies and code.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS
External communication
Any identifiers we detected that may indicate external communication from the item's code
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
EXTERNAL COMMUNICATIONS ARE AVAILABLE FOR ENTERPRISE USERS
Dependencies
Dependencies and third-party libraries used by the extension, including version information and license details.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
DEPENDENCIES ARE AVAILABLE FOR ENTERPRISE USERS
Licenses & Compliance
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS