Skills
.Work. You
Rest

extension-security

Community

Secure VS Code extensions

Software Engineering#vscode#security#extension#credentials#api key#vsce
Authorfabioc-aloha
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill ensures that VS Code extensions are developed and published securely, preventing the accidental inclusion of sensitive credentials and protecting users from potential vulnerabilities.

Core Features & Use Cases

  • Credential Management: Enforces the use of VS Code's SecretStorage for all API keys and sensitive data, preventing hardcoding.
  • Publishing Verification: Utilizes vsce ls to verify that no sensitive files or source code are included in the final extension package (.vsix).
  • Secret Scanning: Integrates a scanner to detect common patterns of secrets within code.
  • Use Case: Before publishing a new VS Code extension that requires an API key, use this Skill to audit your code, verify your .vscodeignore file, and run vsce ls to ensure no secrets are exposed.

Quick Start

Run the security audit for the 'my-extension' VS Code extension.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: extension-security
Download link: https://github.com/fabioc-aloha/Extensions/archive/main.zip#extension-security

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.