Security Review & Trust

Every extension you install runs code on your machine with access to your project files and potentially your network. Security review is not optional — it is the cost of using third-party extensions. The review checklist starts with the manifest: what permissions does the extension request? What environment variables does it need? What network domains does it access? An extension requesting network:* (unrestricted network access) for a tool that queries a local database is a red flag.

Source code review is the second layer. For open-source extensions, read the MCP server code. Focus on what happens with tool inputs (are they sanitized?), what network calls are made (are credentials sent to expected endpoints?), and what file operations are performed (does it write outside the project directory?). For closed-source extensions from the Gallery, rely on the review process, install counts, and community ratings — but understand that these are weak signals compared to a code review.

Team security policies should define which extensions are approved, who can approve new ones, and how often approvals are reviewed. A simple approach: maintain an approved-extensions.json file in your repository that lists allowed extensions and versions. A custom command or CI check validates that no unapproved extensions are configured in the project's settings.json. This prevents developers from installing arbitrary extensions into shared projects.