# IDE-Extension Scan

---

## Header

| Field | Value |
|-------|-------|
| **Report type** | ide-scan |
| **Target** | installed VS Code + JetBrains extensions |
| **Date** | 2026-05-05 |
| **Version** | llm-security v7.4.0 |
| **Scope** | 47 VS Code extensions + 12 JetBrains plugins |
| **Frameworks** | OWASP LLM Top 10, OWASP Agentic |
| **Triggered by** | /security ide-scan |

---

## Risk Dashboard

| Metric | Value |
|--------|-------|
| **Risk Score** | 28/100 |
| **Risk Band** | Medium |
| **Grade** | C |
| **Verdict** | WARNING |

| Severity | Count |
|----------|------:|
| Critical | 0 |
| High | 1 |
| Medium | 4 |
| Low | 7 |
| Info | 12 |
| **Total** | **24** |

**Verdict rationale:** One high-severity finding: a JetBrains plugin (`acme-helper`) declares `Premain-Class` (javaagent retransform), which is the riskiest IDE-extension pattern.

---

## Scan Coverage

| IDE | Extensions Scanned | Findings |
|-----|-------------------:|---------:|
| VS Code | 47 | 8 |
| Cursor | 12 (subset of VS Code) | 2 |
| IntelliJ IDEA | 12 | 14 |
| **Total** | **59** | **24** |

---

## Findings

### High

| ID | Extension | IDE | Description | OWASP |
|----|-----------|-----|-------------|-------|
| IDE-001 | acme-helper | IntelliJ | Declares `Premain-Class` — javaagent retransform attack surface | ASI04 |

### Medium

| ID | Extension | IDE | Description | OWASP |
|----|-----------|-----|-------------|-------|
| IDE-002 | dark-theme-pro | VS Code | Theme contains `extension.js` (theme-with-code) | LLM06 |
| IDE-003 | rest-client-typo | VS Code | Typosquat: Levenshtein distance 2 from `rest-client` (top-100) | LLM03 |
| IDE-004 | ace-helper | IntelliJ | Long `depends` chain (12 plugins) — large surface | LLM03 |
| IDE-005 | json-fast | VS Code | `activationEvents` includes `*` (broad activation) | ASI04 |

### Low

| ID | Extension | IDE | Description | OWASP |
|----|-----------|-----|-------------|-------|
| IDE-006 | git-graph | VS Code | Native binary `.dylib` shipped (verified signature OK) | — |
| IDE-007 | gradle-helper | IntelliJ | Native binary `.so` shipped (Linux ELF) | — |
| IDE-008 | vsc-cmd | VS Code | `vscode:uninstall` hook present | — |
| IDE-009 | shaded-jar-pro | IntelliJ | Shaded jar advisory (3 jars) | — |
| IDE-010 | rest-client-typo | VS Code | Same as IDE-003: typosquat suspicion | LLM03 |
| IDE-011 | code-splitter | VS Code | `activationEvents` includes `onStartupFinished` (broad) | ASI04 |
| IDE-012 | java-fmt | IntelliJ | `Premain-Class` candidate (lower confidence) | ASI04 |

### Info

12 informational findings (mostly publisher metadata and extension-pack expansions). See the envelope for the full list.

---

## Per-IDE Recommendations

### VS Code

1. **Medium:** Investigate `dark-theme-pro`; themes should not ship code.
2. **Medium:** Compare `rest-client-typo` to `rest-client`; likely a typosquat. Uninstall.
3. **Medium:** Audit `json-fast` activation events; consider replacing it with an extension of narrower scope.

### IntelliJ IDEA / JetBrains

1. **High:** Manually verify that the `acme-helper` `Premain-Class` is legitimate. Consider disabling it.
2. **Medium:** Reduce the `ace-helper` depends-chain or replace the plugin.
3. **Low:** Verify the shaded-jar advisories (`shaded-jar-pro`); known shading is normal but creates supply-chain opacity.

---

## Methodology

7 VS Code-specific checks (blocklist, theme-with-code, sideload, broad activation, typosquat, extension-pack, dangerous hooks) + 7 JetBrains checks (Premain-Class, native binaries, depends chain, theme-with-code, broad activation, typosquat, shaded jars). Reused scanners (UNI/ENT/NET/TNT/MEM/SCR) run per extension. Offline mode by default.

---

*IDE-scan complete. 59 extensions, 24 findings, 8.9 seconds.*