Is Python Debugger safe to use?

Python Debugger has a security risk score of 97.29/100 (CRITICAL risk). Our security analysis detected 4148 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of Python Debugger?

Based on our automated security analysis, Python Debugger presents critical risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "Python Debugger" on OpenVSX Registry Safe to Install?

Name: Python Debugger
Availability: InStock
Author: ms-python

Verified

ms-python · openvsx · v2025.18.0

Python Debugger extension using debugpy.

Risk Assessment

Analyzed

97.29

out of 100

CRITICAL

4148 security findings detected across all analyzers

Open VSX extension analyzed via package manifest and static code analysis

Severity Breakdown

Critical

857

High

2945

Medium

Low

Info

Finding Categories

857

Malware Signatures

143

IoC Indicators

YARA Rules Matched

17 rules(857 hits)

postinstall obfuscation DebuggerStatementsShouldNotBeUsed postinstall file manipulation postinstall network communication postinstall registry modification postinstall system command postinstall persistence mechanism postinstall environment access credential env files NoUseWeakRandom postinstall crypto operations UsingShellInterpreterWhenExecutingOSCommands postinstall file download RedirectToUnknownPath NoUseEval postinstall process injection +1 more

About This Extension

Python Debugger extension using debugpy.

Detailed Findings

857 total

YARA Rule Matches

17 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs

IP Addresses

Domains

143

Strings

143

All Indicators · 143

Domain

detected Domain: serializer.js.map

XIOC detected Domain: serializer.js.map

extracted_from_files

Domain

detected Domain: process.py

XIOC detected Domain: process.py

extracted_from_files

Domain

detected Domain: microsoft.visualstudio.component.vc.tools

XIOC detected Domain: microsoft.visualstudio.component.vc.tools

extracted_from_files

detected Domain: context.rip

XIOC detected Domain: context.rip

extracted_from_files

Domain

detected Domain: rect.top

XIOC detected Domain: rect.top

extracted_from_files

Domain

detected Domain: cr.top

XIOC detected Domain: cr.top

extracted_from_files

Domain

detected Domain: pydev.blogspot.com

XIOC detected Domain: pydev.blogspot.com

extracted_from_files

Domain

detected Domain: pandas.io.formats.style

XIOC detected Domain: pandas.io.formats.style

extracted_from_files

Domain

detected Domain: name.py

XIOC detected Domain: name.py

extracted_from_files

Domain

detected Domain: origin.name

XIOC detected Domain: origin.name

extracted_from_files

Domain

detected Domain: context.template.origin.name

XIOC detected Domain: context.template.origin.name

extracted_from_files

Domain

detected Domain: self.origin.name

XIOC detected Domain: self.origin.name

extracted_from_files

Domain

detected Domain: settings.py

XIOC detected Domain: settings.py

extracted_from_files

Domain

detected Domain: locale.lc

XIOC detected Domain: locale.lc

extracted_from_files

Domain

detected Domain: state.py

XIOC detected Domain: state.py

extracted_from_files

Domain

detected Domain: args.host

XIOC detected Domain: args.host

extracted_from_files

Domain

detected Domain: log.to

XIOC detected Domain: log.to

extracted_from_files

Domain

detected Domain: versioneer.py

XIOC detected Domain: versioneer.py

extracted_from_files

Domain

detected Domain: cython.build

XIOC detected Domain: cython.build

extracted_from_files

Domain

detected Domain: build.py

XIOC detected Domain: build.py

extracted_from_files

Domain

detected Domain: conn.pid

XIOC detected Domain: conn.pid

extracted_from_files

Domain

detected Domain: servers.is

XIOC detected Domain: servers.is

extracted_from_files

Domain

detected Domain: self.session.id

XIOC detected Domain: self.session.id

extracted_from_files

Domain

detected Domain: messaging.no

XIOC detected Domain: messaging.no

extracted_from_files

Domain

detected Domain: self.session.no

XIOC detected Domain: self.session.no

extracted_from_files

Domain

detected Domain: request.is

XIOC detected Domain: request.is

extracted_from_files

Domain

detected Domain: sessions.report

XIOC detected Domain: sessions.report

extracted_from_files

Domain

detected Domain: self.properties

XIOC detected Domain: self.properties

extracted_from_files

Domain

detected Domain: exc.stream.name

XIOC detected Domain: exc.stream.name

extracted_from_files

Domain

detected Domain: self.channel

XIOC detected Domain: self.channel

extracted_from_files

Domain

detected Domain: channel.stream.name

XIOC detected Domain: channel.stream.name

extracted_from_files

Domain

detected Domain: channel.name

XIOC detected Domain: channel.name

extracted_from_files

Domain

detected Domain: stream.name

XIOC detected Domain: stream.name

extracted_from_files

Domain

detected Domain: self.session.pid

XIOC detected Domain: self.session.pid

extracted_from_files

Domain

detected Domain: self.session.launcher.pid

XIOC detected Domain: self.session.launcher.pid

extracted_from_files

Domain

detected Domain: connection.channel

XIOC detected Domain: connection.channel

extracted_from_files

Domain

detected Domain: session.pid

XIOC detected Domain: session.pid

extracted_from_files

Domain

detected Domain: self.channel.name

XIOC detected Domain: self.channel.name

extracted_from_files

Domain

detected Domain: code.py

XIOC detected Domain: code.py

extracted_from_files

Domain

detected Domain: mongodb-core.pub

XIOC detected Domain: mongodb-core.pub

extracted_from_files

Domain

detected Domain: r.prototype.map

XIOC detected Domain: r.prototype.map

extracted_from_files

Domain

detected Domain: vnd.collection.next

XIOC detected Domain: vnd.collection.next

extracted_from_files

Domain

detected Domain: vnd.citationstyles.style

XIOC detected Domain: vnd.citationstyles.style

extracted_from_files

Domain

detected Domain: vnd.canon

XIOC detected Domain: vnd.canon

extracted_from_files

Domain

detected Domain: vnd.cab

XIOC detected Domain: vnd.cab

extracted_from_files

Domain

detected Domain: vnd.bint.med

XIOC detected Domain: vnd.bint.med

extracted_from_files

Domain

detected Domain: vnd.apache.arrow.stream

XIOC detected Domain: vnd.apache.arrow.stream

extracted_from_files

Domain

detected Domain: vnd.antix.game

XIOC detected Domain: vnd.antix.game

extracted_from_files

Domain

detected Domain: vnd.drive

XIOC detected Domain: vnd.drive

extracted_from_files

Domain

detected Domain: vnd.dolby.mobile

XIOC detected Domain: vnd.dolby.mobile

extracted_from_files

Domain

detected Domain: vnd.desmume.movie

XIOC detected Domain: vnd.desmume.movie

extracted_from_files

detected Domain: vnd.dece.zip

XIOC detected Domain: vnd.dece.zip

extracted_from_files

Domain

detected Domain: vnd.dece.data

XIOC detected Domain: vnd.dece.data

extracted_from_files

URL

detected Domain: vnd.curl.car

XIOC detected Domain: vnd.curl.car

extracted_from_files

Domain

detected Domain: vnd.ctct.ws

XIOC detected Domain: vnd.ctct.ws

extracted_from_files

Domain

detected Domain: vnd.gov.sk

XIOC detected Domain: vnd.gov.sk

extracted_from_files

Domain

detected Domain: vnd.gmx

XIOC detected Domain: vnd.gmx

extracted_from_files

Domain

detected Domain: vnd.fujixerox.art

XIOC detected Domain: vnd.fujixerox.art

extracted_from_files

Domain

detected Domain: vnd.f-secure.mobile

XIOC detected Domain: vnd.f-secure.mobile

extracted_from_files

Domain

detected Domain: vnd.eudora.data

XIOC detected Domain: vnd.eudora.data

extracted_from_files

Domain

detected Domain: vnd.eu.kasparian.car

XIOC detected Domain: vnd.eu.kasparian.car

extracted_from_files

Domain

detected Domain: vnd.eprints.data

XIOC detected Domain: vnd.eprints.data

extracted_from_files

Domain

detected Domain: vnd.muvee.style

XIOC detected Domain: vnd.muvee.style

extracted_from_files

Domain

detected Domain: vnd.ms

XIOC detected Domain: vnd.ms

extracted_from_files

Domain

detected Domain: vnd.llamagraphics.life-balance.exchange

XIOC detected Domain: vnd.llamagraphics.life-balance.exchange

extracted_from_files

Domain

detected Domain: vnd.is

XIOC detected Domain: vnd.is

extracted_from_files

Domain

detected Domain: vnd.ims.lti.v2.toolproxy.id

XIOC detected Domain: vnd.ims.lti.v2.toolproxy.id

extracted_from_files

Domain

detected Domain: vnd.ieee

XIOC detected Domain: vnd.ieee

extracted_from_files

Domain

detected Domain: vnd.ibm.secure

XIOC detected Domain: vnd.ibm.secure

extracted_from_files

Domain

detected Domain: vnd.oma.poc.final

XIOC detected Domain: vnd.oma.poc.final

extracted_from_files

Domain

detected Domain: vnd.oma.group

XIOC detected Domain: vnd.oma.group

extracted_from_files

Domain

detected Domain: vnd.oma.cab

XIOC detected Domain: vnd.oma.cab

extracted_from_files

Domain

detected Domain: vnd.oasis.opendocument.graphics

XIOC detected Domain: vnd.oasis.opendocument.graphics

extracted_from_files

Domain

detected Domain: vnd.nokia.radio

XIOC detected Domain: vnd.nokia.radio

extracted_from_files

Domain

detected Domain: vnd.nokia.n-gage.data

XIOC detected Domain: vnd.nokia.n-gage.data

extracted_from_files

Domain

detected Domain: vnd.nokia.n-gage.ac

XIOC detected Domain: vnd.nokia.n-gage.ac

extracted_from_files

Domain

detected Domain: vnd.route66.link

XIOC detected Domain: vnd.route66.link

extracted_from_files

Domain

detected Domain: vnd.rainstor.data

XIOC detected Domain: vnd.rainstor.data

extracted_from_files

Domain

detected Domain: vnd.previewsystems.box

XIOC detected Domain: vnd.previewsystems.box

extracted_from_files

Domain

detected Domain: vnd.poc.group

XIOC detected Domain: vnd.poc.group

extracted_from_files

Domain

detected Domain: vnd.openxmlformats-package.digital

XIOC detected Domain: vnd.openxmlformats-package.digital

extracted_from_files

Domain

detected Domain: vnd.openstreetmap.data

XIOC detected Domain: vnd.openstreetmap.data

extracted_from_files

Domain

detected Domain: vnd.openblox.game

XIOC detected Domain: vnd.openblox.game

extracted_from_files

Domain

detected Domain: vnd.youtube.yt

XIOC detected Domain: vnd.youtube.yt

extracted_from_files

Domain

detected Domain: vnd.uplanet.channel

XIOC detected Domain: vnd.uplanet.channel

extracted_from_files

Domain

detected Domain: vnd.syncml.dm

XIOC detected Domain: vnd.syncml.dm

extracted_from_files

Domain

detected Domain: vnd.sun.xml.writer.global

XIOC detected Domain: vnd.sun.xml.writer.global

extracted_from_files

Domain

detected Domain: vnd.sealed.net

XIOC detected Domain: vnd.sealed.net

extracted_from_files

Domain

detected Domain: vnd.ruckus.download

XIOC detected Domain: vnd.ruckus.download

extracted_from_files

Domain

detected Domain: vnd.rs

XIOC detected Domain: vnd.rs

extracted_from_files

detected Domain: vnd.rip

XIOC detected Domain: vnd.rip

extracted_from_files

Domain

detected Domain: vnd.nokia.mobile

XIOC detected Domain: vnd.nokia.mobile

extracted_from_files

Domain

detected Domain: vnd.hns.audio

XIOC detected Domain: vnd.hns.audio

extracted_from_files

Domain

detected Domain: vnd.dolby.pl

XIOC detected Domain: vnd.dolby.pl

extracted_from_files

Domain

detected Domain: vnd.digital

XIOC detected Domain: vnd.digital

extracted_from_files

Domain

detected Domain: vnd.dece.audio

XIOC detected Domain: vnd.dece.audio

extracted_from_files

Domain

detected Domain: vnd.cmles.radio

XIOC detected Domain: vnd.cmles.radio

extracted_from_files

Domain

detected Domain: vnd.sun.j2me.app

XIOC detected Domain: vnd.sun.j2me.app

extracted_from_files

Domain

detected Domain: vnd.in3d.spot

XIOC detected Domain: vnd.in3d.spot

extracted_from_files

Domain

detected Domain: vnd.in

XIOC detected Domain: vnd.in

extracted_from_files

Domain

detected Domain: vnd.fly

XIOC detected Domain: vnd.fly

extracted_from_files

Domain

detected Domain: vnd.abc

XIOC detected Domain: vnd.abc

extracted_from_files

Domain

detected Domain: vnd.gs

XIOC detected Domain: vnd.gs

extracted_from_files

Domain

detected Domain: vnd.net

XIOC detected Domain: vnd.net

extracted_from_files

Domain

detected Domain: vnd.hns.video

XIOC detected Domain: vnd.hns.video

extracted_from_files

Domain

detected Domain: vnd.dece.video

XIOC detected Domain: vnd.dece.video

extracted_from_files

Domain

detected Domain: vnd.dece.sd

XIOC detected Domain: vnd.dece.sd

extracted_from_files

Domain

detected Domain: vnd.dece.mp

XIOC detected Domain: vnd.dece.mp

extracted_from_files

Domain

detected Domain: vnd.dece.mobile

XIOC detected Domain: vnd.dece.mobile

extracted_from_files

Domain

detected Domain: vnd.wap.sl

XIOC detected Domain: vnd.wap.sl

extracted_from_files

Domain

detected Domain: vnd.wap.si

XIOC detected Domain: vnd.wap.si

extracted_from_files

Domain

detected Domain: lodash.com

XIOC detected Domain: lodash.com

extracted_from_files

Domain

detected Domain: n.show

XIOC detected Domain: n.show

extracted_from_files

Domain

detected Domain: vnd.vivo

XIOC detected Domain: vnd.vivo

extracted_from_files

Domain

detected Domain: vnd.uvvu.mp

XIOC detected Domain: vnd.uvvu.mp

extracted_from_files

Domain

detected Domain: vnd.sealedmedia.softseal.mov

XIOC detected Domain: vnd.sealedmedia.softseal.mov

extracted_from_files

Domain

detected Domain: vnd.nokia.mp

XIOC detected Domain: vnd.nokia.mp

extracted_from_files

Domain

detected Domain: vnd.motorola.video

XIOC detected Domain: vnd.motorola.video

extracted_from_files

Domain

detected Domain: aws.amazon.com

XIOC detected Domain: aws.amazon.com

extracted_from_files

Domain

detected Domain: www.alibabacloud.com

XIOC detected Domain: www.alibabacloud.com

extracted_from_files

Domain

detected Domain: w3c.github.io

XIOC detected Domain: w3c.github.io

extracted_from_files

Domain

detected Domain: www.w3.org

XIOC detected Domain: www.w3.org

extracted_from_files

Domain

detected Domain: developer.mozilla.org

XIOC detected Domain: developer.mozilla.org

extracted_from_files

Domain

detected Domain: underscorejs.org

XIOC detected Domain: underscorejs.org

extracted_from_files

Domain

detected Domain: openjsf.org

XIOC detected Domain: openjsf.org

extracted_from_files

Domain

detected Domain: docs.oracle.com

XIOC detected Domain: docs.oracle.com

extracted_from_files

Domain

detected Domain: developer.android.com

XIOC detected Domain: developer.android.com

extracted_from_files

Domain

detected Domain: developer.apple.com

XIOC detected Domain: developer.apple.com

extracted_from_files

Domain

detected Domain: docs.docker.com

XIOC detected Domain: docs.docker.com

extracted_from_files

Domain

detected Domain: docs.aws.amazon.com

XIOC detected Domain: docs.aws.amazon.com

extracted_from_files

Domain

detected Domain: cloud.google.com

XIOC detected Domain: cloud.google.com

extracted_from_files

Domain

detected Domain: azure.microsoft.com

XIOC detected Domain: azure.microsoft.com

extracted_from_files

Domain

detected Domain: docs.oasis-open.org

XIOC detected Domain: docs.oasis-open.org

extracted_from_files

Domain

detected Domain: tools.ietf.org

XIOC detected Domain: tools.ietf.org

extracted_from_files

Domain

detected Domain: www.iso.org

XIOC detected Domain: www.iso.org

extracted_from_files

Domain

detected Domain: redis.io

XIOC detected Domain: redis.io

extracted_from_files

Domain

detected Domain: hbase.apache.org

XIOC detected Domain: hbase.apache.org

extracted_from_files

Domain

detected Domain: docs.datastax.com

XIOC detected Domain: docs.datastax.com

extracted_from_files

Domain

detected Domain: docs.mongodb.com

XIOC detected Domain: docs.mongodb.com

extracted_from_files

Domain

detected Domain: www.ecma-international.org

XIOC detected Domain: www.ecma-international.org

extracted_from_files

Domain

detected Domain: nodejs.org

XIOC detected Domain: nodejs.org

extracted_from_files

Domain

detected Domain: caniuse.com

XIOC detected Domain: caniuse.com

extracted_from_files

Domain

detected Domain: www.chromium.org

XIOC detected Domain: www.chromium.org

extracted_from_files

Security Analysis Summary

Security Analysis Overview

Python Debugger is a OpenVSX Registry extension published by ms-python. Version 2025.18.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 97.29/100 (CRITICAL risk) based on 4148 security findings.

Risk Assessment

This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.

Findings Breakdown

High: 857 finding(s)
Medium: 2945 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

Malware Detection: YARA rule matching against 2,400+ malware signatures
Secret Detection: Scanning for exposed API keys, tokens, and credentials
Static Analysis: Code-level security analysis for common vulnerability patterns
Network Analysis: Detection of suspicious network communications and endpoints
Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

Python Debugger is published by ms-python on the OpenVSX Registry marketplace.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.

Source Code Viewer

Source Code Not Available

Source code is not available for this version of the extension.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

Pylance

Microsoft

CRITICAL 179.4M users

mypy-type-checker

ms-python

CRITICAL 78K users

Python Debugger

Microsoft

CRITICAL 118.1M users

isort

ms-python

CRITICAL 523K users

python

ms-python

CRITICAL 35.8M users

isort

Microsoft

CRITICAL 25.4M users

Risk Assessment

Severity Breakdown

Finding Categories

YARA Rules Matched

About This Extension

Detailed Findings

YARA Rule Matches

postinstall obfuscation

DebuggerStatementsShouldNotBeUsed

postinstall file manipulation

postinstall network communication

postinstall registry modification

postinstall system command

postinstall persistence mechanism

postinstall environment access

credential env files

NoUseWeakRandom

postinstall crypto operations

UsingShellInterpreterWhenExecutingOSCommands

postinstall file download

RedirectToUnknownPath

NoUseEval

postinstall process injection

NoWriteOnDocumentContentFromRequest

Indicators of Compromise

All Indicators · 143

Security Analysis Summary

Security Analysis Overview

Risk Assessment

Findings Breakdown

What Was Analyzed

Developer Information

Recommendation

Frequently Asked Questions

Similar Extensions

Pylance

mypy-type-checker

Python Debugger

isort

python

isort