OWASP CISA Security Scanner

AegisQ.owasp-cisa-security-scanner · published by AegisQ verified
MEDIUM
1 finding detected for AegisQ.owasp-cisa-security-scanner — 1 medium.
Versions scanned: 2
Sources tracked: 1
Installs: 277
Latest version: 0.2.0
Last scanned: 2026-05-26 17:29 UTC

Source coverage

Findings

MEDIUM child-process-exec Extension spawns subprocesses via child_process
examples/vulnerable-demo.js :66

`examples/vulnerable-demo.js` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

```js
// ❌ LLM02: Executing LLM Output
async function runAICode(response) {
    const code = response.choices[0].message.content;
    eval(code);  // Critical: Executing untrusted LLM output
}

// ❌ CISA: Command Injection
const { exec } = require('child_process');
function runCommand(userCommand) {
    exec(userCommand);  // Critical: Command injection  <-- flagged line (:66)
}
```

Affected versions
marketplace 0.2.0