Security Assistant - AI Security Scanner

AMEOBIUS.security-assistant-vscode · published by AMEOBIUS verified
Verdict: MEDIUM
1 finding detected for AMEOBIUS.security-assistant-vscode — 1 medium.

Versions scanned: 1
Sources tracked: 1
Installs: 104
Latest version: 1.0.0
Last scanned: 2026-05-26 17:26 UTC

Findings

MEDIUM · child-process-exec · Extension spawns subprocesses via child_process
out/scanner.js:60

`out/scanner.js` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

          }
          // Add output directory
          const workspaceRoot = vscode.workspace.workspaceFolders?.[0].uri.fsPath || '.';
          const outputDir = path.join(workspaceRoot, '.vscode', 'security-reports');
          cliArgs.push('--output-dir', outputDir, '--format', 'json');
          this.outputChannel.appendLine(`Running: ${cliPath} ${cliArgs.join(' ')}`);
          // Track scanners
          const scanners = ['Bandit', 'Semgrep', 'Trivy', 'Nuclei'];
          let currentScanner = 0;
          return new Promise((resolve, reject) => {
▶             const child = cp.spawn(cliPath, cliArgs, {
                  cwd: workspaceRoot,
                  shell: true
              });
              if (token) {
                  token.onCancellationRequested(() => {
                      child.kill();
                      reject(new Error('Scan cancelled'));
                  });
              }
              let stdout = '';

Affected versions
marketplace 1.0.0
