Is "Recce AI (powered by Roo)" on VS Code Marketplace Safe to Install?

Ktoon · vscode · v0.1.0

A whole dev team of AI agents in your editor.

Risk Assessment

Risk score: 100 out of 100 (CRITICAL)

18498 security findings detected across all analyzers

VS Code extension analyzed via package manifest and static code analysis

Severity Breakdown

Critical: 0
High: 1663
Medium: 16761
Low: 74
Info: 0

Finding Categories

Malware Signatures: 1000

YARA Rules Matched: 28 rules (1000 hits)

credential env files, postinstall system command, postinstall file download, postinstall network communication, postinstall file manipulation, postinstall obfuscation, postinstall crypto operations, credential git credentials, postinstall persistence mechanism, DebuggerStatementsShouldNotBeUsed, postinstall environment access, postinstall registry modification, NoUseWeakRandom, APT1 WEBC2 Y21K, ServerHostnameNotVerified, credential gcp credentials, +12 more

AI Security Report

AI Security Analysis: Recce AI (powered by Roo)

Analysis generated: 2025-12-12T23:37:09+13:00
Model: gemini-3-pro-preview


Quick Facts

Property           Value
UUID               31d6240e-39a5-5e9c-aa23-39754b05e956
Type               vscode
Version            0.0.7
Users              168
Risk Score         100.0/100 (CRITICAL)
Malware Detected   ⚠️ Yes
Secrets Exposed    ✅ No
Critical Vulns     ✅ No

AI Analysis Executive Summary

The "Recce AI" extension (Version 0.0.7) presents a CRITICAL security risk and should be immediately uninstalled or blocked from installation. The analysis detected multiple high-severity indicators consistent with malware behavior, specifically "dropper" mechanisms that attempt to download, obfuscate, and execute code immediately upon installation. With an unverified publisher and a perfect risk score of 100/100, this extension poses an immediate threat to system integrity and data confidentiality.

Threat Assessment

The security posture of this extension is extremely poor. The analysis reveals a pattern of behavior typically associated with malicious supply chain attacks or malware droppers rather than a legitimate development tool.

  • Malicious Installation Behavior: The prevalence of postinstall_* YARA matches (Findings 1, 3-10, 13-19) indicates that the extension attempts to perform complex operations immediately after being installed by the package manager. Legitimate extensions typically wait for user interaction. The combination of file downloading, system command execution, and obfuscation during the install phase is a primary indicator of a compromise attempt.
  • Persistence and Evasion: Finding 14 (postinstall_persistence_mechanism) and Findings 1/10 (postinstall_obfuscation) suggest the code is actively trying to hide its logic and establish a foothold on the host system that survives restarts.
  • Data Exfiltration Risk: The extension triggers rules for accessing environment variables (credential_env_files, Finding 12) and network communication (postinstall_network_communication, Finding 8). In the context of an "AI agent," some network traffic is expected, but accessing credential files during a post-install script is highly suspicious.
  • Unverified Origin: The publisher "Ktoon" is unverified, and the extension has a very low user count (168). This lack of reputation, combined with the findings, suggests this may be a testbed for malware or a malicious upload disguised as a productivity tool.

Risk Justification

The 100.0/100 Risk Score is JUSTIFIED and accurate based on the following:

  1. Malware Signatures: The presence of 1,663 High-Severity malware signatures is exceptionally high.
  2. Behavioral Indicators: The specific combination of Obfuscation + File Download + Command Execution + Persistence is the distinct signature of a Trojan or Dropper.
  3. Zero Trust: The publisher has no verification and the extension is in a very early alpha stage (v0.0.7), offering no historical basis for trust.
  4. Scope of Access: As a VS Code extension, it runs with the privileges of the developer, granting it access to source code, SSH keys, and internal network resources.

Key Findings

  • Post-Install Code Execution (Critical): Multiple findings (e.g., Findings 6, 15, 23) indicate the extension executes system commands immediately upon installation. This bypasses standard user consent flows for runtime permissions.
  • Obfuscated Codebase (High): Findings 1, 10, and 19 indicate the use of obfuscation techniques. While sometimes used for IP protection, in conjunction with unverified publishers and system commands, it is a strong indicator of malicious intent to hide payload logic.
  • External Payload Downloading (High): Findings 3, 4, 7, and 16 (postinstall_file_download) suggest the extension fetches additional executable content from the internet that was not vetted by the marketplace store.
  • Persistence Mechanisms (High): Finding 14 indicates code designed to ensure the malicious script runs automatically in the future (e.g., modifying startup items or cron jobs).
  • Credential Harvesting Potential (High): Findings 12 and 21 (credential_env_files) show specific targeting of environment configuration files, which often contain API keys and database secrets.

Recommendations

  1. Immediate Removal: Uninstall the extension immediately from all environments.
  2. Network Blocking: Block the extension ID (31d6240e-39a5-5e9c-aa23-39754b05e956) at the organizational level using VS Code policy management.
  3. Incident Response: If this extension was installed on a machine with access to production secrets or sensitive IP:
    • Rotate all credentials (API keys, SSH keys, AWS tokens) present on that machine.
    • Scan the machine for persistence mechanisms (unrecognized scheduled tasks or startup entries).
  4. Avoid "Roo" Derivatives: The description mentions "powered by Roo." Exercise extreme caution with other extensions claiming similar lineage until the source is verified.

Mitigation Strategies

Given the Critical severity and malware indicators, no mitigation allows for safe use of this specific version. The following are theoretical only:

  • Strict Sandboxing: If analysis is required, run the extension only inside a disposable, non-networked Virtual Machine or a Dev Container with no secrets mounted.
  • Network Isolation: Completely sever network access for the VS Code instance running this extension to prevent payload downloading or data exfiltration.

Confidence Assessment

Confidence Level: 80% (High)

While YARA rules can generate false positives (e.g., a legitimate "postinstall" script running a build process), the convergence of obfuscation, persistence, and credential targeting signatures makes a benign explanation highly unlikely. The sheer volume of findings (18,000+) suggests a massive inclusion of unvetted or malicious code. The only factor preventing 100% confidence is the inability to manually reverse-engineer the specific "unknown_file" blobs mentioned in the report to confirm the exact payload.


Disclaimer

This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.