Display security vulnerability rating of a plugin - show whether it makes network requests / if it has access to files outside the vault

Use case or problem

Not able to know if an extension poses a real security vulnerability to my vault and notes.

Proposed solution

I talked to the author of MAKE.md, who explained that two possible vulnerabilities are:

  • when making network requests
  • when accessing files outside the vault

It would be great to know if an extension is completely airgapped and thus makes no network calls. And also the “visibility” scope of the plugin.

I also heard that plugins are audited, but only on first publish.

Current workaround (optional)

  • Not using extensions
  • Talking to the extension authors to check if they make network requests
  • Accepting the possible vulnerability as a tradeoff for the UX

Related feature requests (optional)


I’m moving this out of Feature Requests for the moment.

You can find a long discussion on this matter here: Security of the plugins

