Subscribe to the Non-Human & AI Identity Journal
Home FAQ Governance, Ownership & Risk How should teams assess risky VS Code extensions…
Governance, Ownership & Risk

How should teams assess risky VS Code extensions before allowing them on developer machines?

← Back to all FAQ
By NHI Mgmt Group Editorial Team Updated July 9, 2026 Domain: Governance, Ownership & Risk

Teams should review the packaged extension, not just the repository, and look for startup activation, outbound network calls, hidden configuration reads, and any path to shell execution. Extensions that can fetch remote content and run it automatically should be treated as execution software, not simple tooling. Approval should require artifact parity, code inspection, and behavioural testing.

Why This Matters for Security Teams

VS Code extensions are not just productivity add-ons. Many execute on startup, reach into files and settings, and can call external services without an obvious prompt. That makes them a supply chain and execution-risk decision, not a simple developer preference. NHI Management Group’s research on the Top 10 NHI Issues and the OWASP NHI Top 10 both reflect the same operational reality: a tool that can read secrets, initiate network traffic, and invoke shell actions has meaningful blast radius.

Teams often under-assess extensions because they trust the marketplace title, star rating, or source repository alone. That is insufficient. The packaged artifact is what runs on the workstation, and it may differ from reviewed source or pull-request content. Security review should ask whether the extension can auto-activate, exfiltrate data, or chain into a local execution path. Current guidance suggests treating those capabilities as privileged behavior, especially when developer machines already hold credentials, source code, and session tokens. In practice, many security teams discover extension abuse only after a workstation starts making unusual outbound requests or a developer reports unexpected credential exposure.

How It Works in Practice

A practical approval process starts with artifact parity: inspect the packaged VSIX, not only the repository, and confirm the published binary matches the code that was reviewed. Then assess runtime behaviour under controlled conditions. The security question is not just “what does it contain?” but “what can it do when activated?” That includes startup activation events, hidden configuration reads, telemetry endpoints, file-system reach, and any path from extension logic to shell execution.

Use the same discipline you would apply to other software that handles sensitive material. The NIST Cybersecurity Framework 2.0 supports inventory and control of software exposure, while NIST SP 800-53 Rev 5 Security and Privacy Controls gives a control-oriented lens for software integrity, least privilege, monitoring, and configuration management. For extensions that fetch remote content or update behavior dynamically, classify them as execution software. That means requiring stronger review than for static linting or formatting tools.

  • Verify the packaged extension hash against the reviewed artifact.
  • Enumerate permissions, activation events, network destinations, and file access paths.
  • Test for remote code fetch, command invocation, and hidden reads of workspace or global settings.
  • Block or sandbox extensions that cannot justify their runtime behavior.

Pair this with developer-machine safeguards such as egress monitoring and allowlisting for high-risk tools. These controls tend to break down when extensions are auto-updated from a trusted marketplace but quietly change behavior between review cycles because the approved package and the running artifact are no longer the same thing.

Common Variations and Edge Cases

Tighter extension review often increases deployment overhead, requiring organisations to balance developer convenience against workstation risk. Not every extension needs the same treatment, and current guidance is still evolving on how to score risk consistently across marketplace popularity, open-source transparency, and runtime authority. The key is to distinguish low-impact UI helpers from tools that can touch secrets, network, or execution paths.

Edge cases include extensions used for AI-assisted coding, remote environment integration, and repository automation. Those often deserve enhanced scrutiny because they can read large swaths of source code and context. The Ultimate Guide to NHIs — Key Challenges and Risks and Ultimate Guide to NHIs — Why NHI Security Matters Now both reinforce a simple point: once a tool can read code, contact external systems, and operate automatically, it starts behaving like a privileged workload rather than a benign add-on.

Teams should also be cautious with “open source equals safe” assumptions. Review depth should scale with access, not popularity. The highest-risk cases are extensions that request broad filesystem scope, run on every startup, or rely on remote configuration that can change after approval. In those environments, static review alone is not enough because the operational behavior is partly determined at runtime.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-03Extension runtime access and secret exposure map to NHI credential misuse risk.
NIST CSF 2.0PR.IP-1Software installation and integrity checks fit secure configuration and software approval.
NIST CSF 2.0DE.CM-8Suspicious outbound calls and runtime behavior need continuous monitoring.

Approve only extensions whose artifact, permissions, and runtime behavior are reviewed and constrained.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org