Malicious Activity Detected
Flags items that exhibit confirmed malicious activity.
critical
Analysis summary
Malware versions
0.2.0
malware
0.0.9
Now Viewing
malware
Findings
Unverified Publisher
Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.
medium
All findings are available for Enterprise users
API Calls
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
All API calls are available for Enterprise users
Secrets
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
All secrets are available for Enterprise users
Vulnerabilities
Known vulnerabilities and security issues detected in the extension's dependencies and code.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
All vulnerabilities are available for Enterprise users
External communication
Any identifiers we detected that may indicate external communication from the item's code
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
All external communications are available for Enterprise users
Code analysis
AI-powered analysis of the extension's source code for security insights and risk assessment.
- Code Analysis
- Functionality:
- The provided code is a self-invoking anonymous function that appears to obfuscate operations related to executing commands and extensions, particularly in a context that seems connected to Visual Studio Code (VSCode).
- It contains several functions that perform operations like command execution using the
execmethod, which can run shell commands within the Node.js environment. - The code involves a mechanism for decoding or evaluat...
- Functionality:
Dependencies
Dependencies and third-party libraries used by the extension, including version information and license details.
All dependencies are available for Enterprise users
Licenses & Compliance
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
All licenses & compliance are available for Enterprise users