Is "Cloudfoundry Manifest YML Support" on OpenVSX Registry Safe to Install?

Security Analysis Overview

Cloudfoundry Manifest YML Support is a OpenVSX Registry extension published by VMware. Version 2.0.2026041800 has been analyzed by the Risky Plugins security platform, receiving a risk score of 80.31/100 (HIGH risk) based on 6 security findings.

Risk Assessment

This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.

Findings Breakdown

• High: 4 finding(s)
• Low: 2 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

• Malware Detection: YARA rule matching against 2,400+ malware signatures
• Secret Detection: Scanning for exposed API keys, tokens, and credentials
• Static Analysis: Code-level security analysis for common vulnerability patterns
• Network Analysis: Detection of suspicious network communications and endpoints
• Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

Cloudfoundry Manifest YML Support is published by VMware on the OpenVSX Registry marketplace.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.