vscode-extension-builder-lawvable

Fail

Audited by Snyk on Feb 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The package includes a deliberate "file-bridge": a file-based IPC channel that lets external processes or agents drop JSON commands, which the extension then executes. These commands include reading and writing arbitrary filesystem paths and returning open file contents, with no authentication or path restriction, and the design also has auto-initialization triggers and command-file deletion. This enables easy data exfiltration and functions as a backdoor/supply-chain abuse vector.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 20, 2026, 06:12 AM