Show HN: VSCan - Detect Malicious VSCode Extensions

Original link: https://vscan.dev/

Security researcher shadow-ninja built VSCan, a free tool (vscan.dev) to detect malicious VSCode, Cursor, and Windsurf extensions. VSCode extensions have full system access, making them a potential security risk, with past instances of malicious extensions compromising devices. VSCan scans for hidden malware, dangerous permissions, vulnerable dependencies, and suspicious network connections, generating a developer-friendly security report. Preliminary analysis of 1077 extensions revealed that a few extensions are marked as malicious by VirusTotal while others exhibit malicious network activity, critical dependency vulnerabilities, exposed sensitive information, poor development practices, and high permissions. Shadow-ninja is also developing sandboxing technology to restrict extensions during runtime. The author is seeking feedback on VSCan and interest in the sandboxing project.
Original text

Secure Your VSCode Experience

Proactively analyze Visual Studio Code extensions for security vulnerabilities and ensure a safer development environment.

Supports Your Favorite Code Editors

Scan an Extension Now
