🛡️ Watchtower - VS Code Security Scanner

Scan untrusted workspaces for malicious code, hidden threats, and supply chain attacks — before you run anything.

Watchtower security report

Watchtower automatically scans your VS Code workspace for invisible Unicode attacks, malicious tasks, compromised extensions, and dangerous AI agent configurations. Open that sketchy GitHub repo. Clone that interview take-home. Contribute to that open source project. Watchtower checks it first.

🔍 What Gets Scanned

Category	What Watchtower Checks
👁️ Invisible Unicode	Hidden code using Unicode tag steganography (`U+E0000–U+E007F`) — invisible to the human eye
📋 Malicious Tasks	`tasks.json` commands that run shells, download payloads, or use encoding tricks (`curl`, `base64`, `certutil`)
⚙️ Settings Hijacking	Custom interpreter paths pointing to custom binaries
🧩 Compromised Extensions	Extensions cross-referenced against live threat intelligence, with auto-uninstall
🤖 AI Agent Exploits	Dangerous auto-approval settings in Copilot, Claude, Cursor, and other AI coding assistants
🚀 Launch Configurations	Suspicious pre-launch tasks hidden in `.vscode/launch.json`
🐳 Dev Container Risks	Security misconfigurations in `.devcontainer` files

And more...

🚀 Getting Started

Recommended workflow for untrusted projects:

Open the project — VS Code will ask "Do you trust this folder?"
Choose "No, I don't trust the authors" to stay in Restricted Mode
Watchtower auto-scans on open — review findings in the sidebar
Only click "Trust Folder" after verifying the results are clean

Why Restricted Mode? Watchtower detects threats — but if you trust a workspace first, VS Code may already execute malicious tasks and scripts before the scan completes. Open untrusted, scan first, trust after.

Manual scan: Ctrl+Shift+P → Watchtower: Scan Workspace

⚙️ Configuration

Access settings via Settings → Extensions → Watchtower for global settings or the sidebar settings panel for Workspace specific settings.

Global Settings

Setting	Default	Description
`watchtower.startupScans`	`OnEveryProject`	`OnEveryProject` · `OnUntrusted` · `Off`
`watchtower.inlineFindings`	`invisible`	Inline highlights: `all` · `invisible` · `none`
`watchtower.autoUninstallMalicious`	`true`	Auto-remove extensions flagged by threat intel
`watchtower.excludedFolders`	`node_modules`, `.git`, `.venv`…	Glob patterns to skip during scanning

Workspace Settings

Workspace settings panel

🎯 Real-World Attack Context

Watchtower was built in response to documented, active attack campaigns targeting developers:

Invisible Unicode / Trojan Source — hidden code in open source repositories
Contagious Interview (DPRK) — North Korean APT groups targeting developers via fake job interviews
tasks.json infostealers — multi-stage malware via .vscode configuration files
Malicious AI skills — compromised coding assistant plugins
IDEsaster — IDE-specific attack vectors targeting developer workflows

🔐 Privacy

Runs locally — no telemetry, no code is sent anywhere
Anonymous threat intel — extension checks use an external API with no identifying data
Open source — audit the code yourself

🤝 Contributing

Found a threat pattern Watchtower should detect? Open an issue or PR on GitHub.

📝 License

MIT — see LICENSE.md

Watchtower - VSCode Security Scanner

Luis Fontes