Is AEM Code Snippets safe to use?

AEM Code Snippets has a security risk score of 43.63/100 (MEDIUM risk). Our security analysis detected 52 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of AEM Code Snippets?

Based on our automated security analysis, AEM Code Snippets presents medium risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "AEM Code Snippets" on OpenVSX Registry Safe to Install?

Name: AEM Code Snippets
Availability: InStock
Author: minholee

Verified

minholee · openvsx · v0.0.4

Code snippets for AEM development including HTL, Dialog (XML), and Java Sling Models.

Risk Assessment

Analyzed

43.63

out of 100

MEDIUM

52 security findings detected across all analyzers

Open VSX extension analyzed via package manifest and static code analysis

Severity Breakdown

Critical

High

Medium

Low

Info

Finding Categories

Malware Signatures

IoC Indicators

YARA Rules Matched

5 rules(9 hits)

postinstall network communication postinstall file manipulation postinstall system command postinstall obfuscation postinstall crypto operations

About This Extension

Code snippets for AEM development including HTL, Dialog (XML), and Java Sling Models.

Detailed Findings

19 total

YARA Rule Matches

5 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs

IP Addresses

Domains

Strings

All Indicators · 33

URL

detected URL: http://www.w3.org/1999/02/22-rdf-syntax-ns#

XIOC detected URL: http://www.w3.org/1999/02/22-rdf-syntax-ns#

extracted_from_files

Domain

detected Domain: children.next

XIOC detected Domain: children.next

extracted_from_files

Hash

detected MD5 Hash: BC3AC54BE2D411F0931AF5EAB9CDA40D

XIOC detected MD5 Hash: BC3AC54BE2D411F0931AF5EAB9CDA40D

extracted_from_files

Hash

detected MD5 Hash: BC3AC54CE2D411F0931AF5EAB9CDA40D

XIOC detected MD5 Hash: BC3AC54CE2D411F0931AF5EAB9CDA40D

extracted_from_files

Hash

detected MD5 Hash: BC3AC549E2D411F0931AF5EAB9CDA40D

XIOC detected MD5 Hash: BC3AC549E2D411F0931AF5EAB9CDA40D

extracted_from_files

Hash

detected MD5 Hash: BC3AC54AE2D411F0931AF5EAB9CDA40D

XIOC detected MD5 Hash: BC3AC54AE2D411F0931AF5EAB9CDA40D

extracted_from_files

URL

detected URL: http://ns.adobe.com/xap/1.0/sType/ResourceRef#

XIOC detected URL: http://ns.adobe.com/xap/1.0/sType/ResourceRef#

extracted_from_files

URL

detected URL: http://sling.apache.org/jcr/sling/1.0

XIOC detected URL: http://sling.apache.org/jcr/sling/1.0

extracted_from_files

URL

detected URL: http://www.day.com/jcr/cq/1.0

XIOC detected URL: http://www.day.com/jcr/cq/1.0

extracted_from_files

Domain

detected Domain: sling.apache.org

XIOC detected Domain: sling.apache.org

extracted_from_files

URL

detected URL: http://www.jcp.org/jcr/nt/1.0

XIOC detected URL: http://www.jcp.org/jcr/nt/1.0

extracted_from_files

URL

detected URL: http://schemas.microsoft.com/developer/vsx-schema/2011

XIOC detected URL: http://schemas.microsoft.com/developer/vsx-schema/2011

extracted_from_files

URL

detected URL: http://schemas.microsoft.com/developer/vsx-schema-design/2011

XIOC detected URL: http://schemas.microsoft.com/developer/vsx-schema-design/2011

extracted_from_files

Domain

detected Domain: packages.java.util.date

XIOC detected Domain: packages.java.util.date

extracted_from_files

Domain

detected Domain: schemas.microsoft.com

XIOC detected Domain: schemas.microsoft.com

extracted_from_files

Domain

detected Domain: readme.md

XIOC detected Domain: readme.md

extracted_from_files

URL

detected URL: http://schemas.openxmlformats.org/package/2006/content-types

XIOC detected URL: http://schemas.openxmlformats.org/package/2006/content-types

extracted_from_files

detected IP: d::af

XIOC detected IP: d::af

extracted_from_files

URL

detected URL: http://ns.adobe.com/xap/1.0/

XIOC detected URL: http://ns.adobe.com/xap/1.0/

extracted_from_files

URL

detected URL: http://ns.adobe.com/xap/1.0/mm/

XIOC detected URL: http://ns.adobe.com/xap/1.0/mm/

extracted_from_files

Domain

detected Domain: www.jcp.org

XIOC detected Domain: www.jcp.org

extracted_from_files

Domain

detected Domain: healthcheck.name

XIOC detected Domain: healthcheck.name

extracted_from_files

Domain

detected Domain: resourceprovider.property

XIOC detected Domain: resourceprovider.property

extracted_from_files

Domain

detected Domain: log.info

XIOC detected Domain: log.info

extracted_from_files

Domain

detected Domain: iterator.next

XIOC detected Domain: iterator.next

extracted_from_files

URL

detected URL: http://www.jcp.org/jcr/1.0

XIOC detected URL: http://www.jcp.org/jcr/1.0

extracted_from_files

Domain

detected Domain: packages.com.day.cq.wcm.api.wcmmode.design

XIOC detected Domain: packages.com.day.cq.wcm.api.wcmmode.design

extracted_from_files

Domain

detected Domain: www.day.com

XIOC detected Domain: www.day.com

extracted_from_files

Domain

detected Domain: schemas.openxmlformats.org

XIOC detected Domain: schemas.openxmlformats.org

extracted_from_files

Domain

detected Domain: қ.dm

XIOC detected Domain: қ.dm

extracted_from_files

Domain

detected Domain: www.w3.org

XIOC detected Domain: www.w3.org

extracted_from_files

Domain

detected Domain: ns.adobe.com

XIOC detected Domain: ns.adobe.com

extracted_from_files

detected IP: d::bef

XIOC detected IP: d::bef

extracted_from_files

Security Analysis Summary

Security Analysis Overview

AEM Code Snippets is a OpenVSX Registry extension published by minholee. Version 0.0.4 has been analyzed by the Risky Plugins security platform, receiving a risk score of 43.63/100 (MEDIUM risk) based on 52 security findings.

Risk Assessment

This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.

Findings Breakdown

High: 9 finding(s)
Medium: 33 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

Malware Detection: YARA rule matching against 2,400+ malware signatures
Secret Detection: Scanning for exposed API keys, tokens, and credentials
Static Analysis: Code-level security analysis for common vulnerability patterns
Network Analysis: Detection of suspicious network communications and endpoints
Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

AEM Code Snippets is published by minholee on the OpenVSX Registry marketplace.

Recommendation

Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.

Source Code Viewer

Source Code Not Available

Source code is not available for this version of the extension.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

aem-repo

minholee

CRITICAL 2K users

click-build-kiro

minholee

HIGH 16K users

AEM Maven Click Build

minholee

HIGH 84 users

aem-initializr

minholee

HIGH 567 users

compiledcodecoverage

IBM

CRITICAL 967 users

quantconnect

QuantConnect

CRITICAL 2K users

Is "AEM Code Snippets" on OpenVSX Registry Safe to Install?

Risk Assessment

Severity Breakdown

Finding Categories

YARA Rules Matched

About This Extension

Detailed Findings

HASH-0b35ee73a2419378

HASH-b0aa6113aa0849e1

HASH-d59263f243cb6003

HASH-f3b838239a74829e

HASH-ad5d59ddd3b4dc68

HASH-b1b9c3c51bc6317d

HASH-7edb341f477b6d23

HASH-f40320260911545a

HASH-2020c27517f4a31a

HASH-19c02a070d98faf3

YARA Rule Matches

postinstall network communication

postinstall file manipulation

postinstall system command

postinstall obfuscation

postinstall crypto operations

Indicators of Compromise

All Indicators · 33

Security Analysis Summary

Security Analysis Overview

Risk Assessment

Findings Breakdown

What Was Analyzed

Developer Information

Recommendation

Frequently Asked Questions

Similar Extensions

aem-repo

click-build-kiro

AEM Maven Click Build

aem-initializr

compiledcodecoverage

quantconnect