Is "Static analyzer for C/C++" on VS Code Marketplace Safe to Install?

FireStarter · vscode · v0.0.4

Static analysis tool for c/c++

Risk Assessment

Analyzed
100
out of 100
CRITICAL

3513 security findings detected across all analyzers

VS Code extension analyzed via package manifest and static code analysis

Severity Breakdown

0
Critical
1237
High
2269
Medium
7
Low
0
Info

Finding Categories

777
Malware Signatures
223
Obfuscation

YARA Rules Matched

11 rules(777 hits)
postinstall file manipulation postinstall system command postinstall file download postinstall registry modification postinstall obfuscation postinstall environment access credential env files postinstall crypto operations postinstall network communication NoUseEval DebuggerStatementsShouldNotBeUsed

About This Extension

Static analysis tool for c/c++

Detailed Findings

1000 total

YARA Rule Matches

11 rules

Security Analysis Summary

Security Analysis Overview

Static analyzer for C/C++ is a Visual Studio Code Marketplace extension published by FireStarter. Version 0.0.4 has been analyzed by the Risky Plugins security platform, receiving a risk score of 100/100 (CRITICAL risk) based on 3513 security findings.

Risk Assessment

This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.

Findings Breakdown

  • High: 1237 finding(s)
  • Medium: 2269 finding(s)
  • Low: 7 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

Static analyzer for C/C++ is published by FireStarter on the Visual Studio Code Marketplace marketplace. The extension has approximately 2K users.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

Azure Resource Manager (ARM) Tools

Microsoft

CRITICAL 1.5M users

EveryOps Extension

EveryOps-ai

CRITICAL 21 users

SayDeploy - Copilot Assistant

LunarWerx

CRITICAL 96 users

AVAP API Release Manager

AVAP Framework

CRITICAL 94 users

Copilot MCP + Agent Skills Manager

Automata Labs

CRITICAL 92K users

Code Guardian

DreamersRedemption

CRITICAL 43 users