One lightweight agent inventories every plugin class your team can install — IDE extensions, browser extensions, AI-agent skills and MCP servers, and package-manager installs. For each, it captures metadata, risk-scores the plugin, and feeds the verdict to your allowlist.
The largest IDE extension surface. We inventory installed extensions per endpoint with publisher, version, and declared activation events / permissions.
The open registry used by Cursor, VSCodium, and others. Same inventory and verdicts as the VS Code Marketplace.
Plugins for IntelliJ, PyCharm, GoLand, and the rest of the JetBrains family — inventoried with version and publisher.
Cursor's extension set (OpenVSX-backed) plus its AI features — covered as a first-class IDE.
Installed extensions with their host permissions and content-script scope — the highest-volume browser surface.
Edge's own store plus Chrome Web Store sideloads — inventoried with the same permission scoring.
addons.mozilla.org extensions, including those with broad WebExtension permissions.
Safari App Extensions and content blockers on macOS — a surface most browser tooling ignores.
Skills and MCP servers registered to Claude and Claude Code, including the tools and endpoints each can reach.
MCP servers and tool configs wired into Codex agents.
Gemini agent extensions and MCP integrations.
Agent skills and MCP configs in Antigravity environments.
Any MCP server or skill — from a registry or wired up by hand — with the tool surface and endpoints it exposes. This is the newest and least-monitored class, and we treat it as first-class.
Global formulae and casks. Formula install steps run with the developer's privileges.
Globally installed packages and CLIs — postinstall scripts execute on install.
Globally / user-installed Python packages — setup.py can run arbitrary code on install.
Installed crates and binaries — build.rs build scripts execute at compile time.
Installed gems — native extensions compile and run on install.
Tools fetched with go install / go get, including any go generate steps.
Name · publisher · version · declared permissions & scopes · content hash · install source · install & update timestamps. Metadata only — the Plugin SBOM is built on the endpoint and your source code never leaves the device. Only metadata is correlated against threat intel in our cloud to produce a verdict.
postinstall scripts, PyPI setup.py, RubyGems native extensions, Cargo build.rs, and go generate all execute with the developer's privileges.
PluginSec is enterprise-only and onboarded by invitation. Tell us about your team and we'll set up a demo.