Local AI VS Code extension blocks insecure code generation during saves

A developer created a VS Code extension that runs llama3.1:8b-instruct-q4 locally and blocks saves that contain insecure AI-generated code. The tool was built after Claude generated a Flask route with a textbook CWE-117 (Log Injection) vulnerability.

How it works
The extension intercepts your save operations in VS Code, runs the llama3.1:8b-instruct-q4 model locally, maps the source-to-sink execution flow of the code, and throws a hard block if the AI generated something dangerous. The entire system operates offline with no cloud dependencies or API keys required.

Specific details from the source
- Model used: llama3.1:8b-instruct-q4
- Platform: VS Code extension
- Trigger: Intercepts save operations
- Analysis method: Maps source-to-sink execution flow
- Action: Throws a hard block on dangerous code
- Example vulnerability caught: CWE-117 Log Injection in a Flask route generated by Claude
- Infrastructure: Completely offline, no cloud, no API keys

This approach addresses a common issue where AI coding assistants like Claude and GitHub Copilot generate code quickly but may introduce security vulnerabilities. The local execution ensures privacy and eliminates dependency on external services.
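
To make the CWE-117 source-to-sink flow mentioned above concrete, the following added example (not code from the extension or from the original post) logs a constructed request value with and without a filter that escapes line breaks. The names `NeutralizeCRLF`, `make_logger`, `log_failed_login` and `logged_lines` are hypothetical, and a plain function stands in for the Flask route.

```python
import io
import logging

# Constructed input: a "username" carrying CR/LF so it looks like a second entry.
FORGED = "alice\r\nINFO login ok user=admin"


class NeutralizeCRLF(logging.Filter):
    """Escape CR and LF in the message and its arguments before formatting."""

    @staticmethod
    def _clean(value):
        if isinstance(value, str):
            return value.replace("\r", "\\r").replace("\n", "\\n")
        return value

    def filter(self, record):
        record.msg = self._clean(record.msg)
        if isinstance(record.args, dict):
            record.args = {k: self._clean(v) for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(self._clean(a) for a in record.args)
        return True


def make_logger(name, hardened):
    """Return a logger that writes to an in-memory stream, plus that stream."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if hardened:
        handler.addFilter(NeutralizeCRLF())
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger, stream


def log_failed_login(logger, username):
    # Sink: request-derived data (the source) reaches the log call unchanged.
    logger.warning("login failed user=%s", username)


def logged_lines(hardened, username=FORGED):
    """Log one failed login and return the resulting log file lines."""
    name = "demo.hardened" if hardened else "demo.plain"
    logger, stream = make_logger(name, hardened)
    log_failed_login(logger, username)
    return stream.getvalue().splitlines()
```

Without the filter the single call yields two lines, the second indistinguishable from a genuine entry; with it the line breaks are written as literal `\r\n` and the record stays on one line.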
📖 Read the full source: r/LocalLLaMA