vscode-doctor

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bash script (scripts/collect_vscode_diagnostics.sh) to gather system performance metrics and editor status. The script uses standard diagnostic commands such as uptime, ps, du, and rg (ripgrep).
  • Evidence:
  • ps aux | sort -nrk 3 (CPU usage tracking)
  • du -sh "$data_dir" (Size checking for cache/log directories)
  • rg -n "$SETTINGS_QUERY" "$settings_file" (Searching settings for performance flags)
  • git status --ignored (Detecting large unindexed folders)
  • [DATA_EXPOSURE]: The skill instructions explicitly warn against sharing raw diagnostic output due to potential exposure of local paths, project names, and process command lines. It mandates redaction before any external sharing.
  • [PRIVACY_SAFETY]: The skill follows a 'confirm-before-write' policy, refusing to modify editor settings or delete caches without explicit user approval. It also distinguishes between different user intents (e.g., 'File Browser' vs 'Preserve Large Workspace') to avoid accidentally hiding files from the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:19 AM
Security Audit — agent-trust-hub — vscode-doctor