They wanted me to review this VSCode extension[1].
Everything seems super dodgy: The extension only has 2 reviews, the linked repo[2] doesn't actually contain the source code.
I downloaded the sources from the extension marketplace, but the code is minified and obfuscated. I tried a de-minifier but the file is a few thousand lines long so it's hard to say if there's malicious code.
Is there a way to determine if this extension is safe to use? Simply installing it could give an attacker full access to my machine, right?
[1] https://marketplace.visualstudio.com/items?itemName=solomonkinard.git-blame [2] https://github.com/solomonkinard/public