vs.xplorer interactive view →

ArmorIQ Sentry - MCP Security Scanner

armoriq-io.armoriq-sentry · published by armoriq-io verified
HIGH
1 finding detected for armoriq-io.armoriq-sentry — 1 high.
vsxplorer verdict badge
1 HIGH
21
versions scanned
2
sources tracked
300
installs
0.4.15
latest version
2026-05-26 17:29 UTC
last scanned

Source coverage

Findings

HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: api.openai.com
out/scanner/llm-scanner.js :147

`{file_path}` issues an HTTP call to `{url}`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface.

          }
          catch (error) {
              console.error('[LLMScanner] Analysis failed:', error);
              return [];
          }
      }
      /**
       * Call OpenAI API
       */
      async callOpenAI(userPrompt) {
▶         const response = await fetch('https://api.openai.com/v1/chat/completions', {
              method: 'POST',
              headers: {
                  'Content-Type': 'application/json',
                  'Authorization': `Bearer ${this.apiKey}`,
              },
              body: JSON.stringify({
                  model: this.model,
                  messages: [
                      { role: 'system', content: SAFE_MCP_SYSTEM_PROMPT },
                      { role: 'user', content: userPrompt },
Affected versions
marketplace 0.4.0, 0.4.1, 0.4.10, 0.4.11, 0.4.12, 0.4.14, 0.4.15, 0.4.2, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9
open-vsx 0.4.15

Embed this verdict

vsxplorer badge

[![vsxplorer](https://vsxplorer.veryserious.systems/badge/armoriq-io.armoriq-sentry.svg)](https://vsxplorer.veryserious.systems/report/armoriq-io.armoriq-sentry)