Unable to publish extension: "suspicious content" false positive for dotveil (env file masking extension)

[ragnarok22]

Problem

I'm unable to publish my extension dotveil (ragnarokreinier.dotveil). Every upload attempt is rejected with:

Your extension has suspicious content. Please fix your extension metadata, or contact support if you need assistance.

I'm a first-time publisher. The error provides no details about what specifically is flagged.

About the extension

dotveil is a simple VS Code extension that visually masks sensitive values in .env and config files using editor
decorations. It does not:

• Make any network requests
• Read or write files to disk
• Collect telemetry or user data
• Access any APIs beyond vscode.window and vscode.workspace

It only uses TextEditorDecorationType to overlay asterisks on secret values in the editor. The source code is fully open:
https://github.com/ragnarok22/vscode-veil-dotenv

VSIX contents

The packaged VSIX is 56 KB and contains only:

• package.json
• dist/extension.js (6 KB bundled)
• dotveil.png (icon)
• README.md
• PRIVACY.md
• LICENSE.txt
• CHANGELOG.md

What I've tried

• Verified .vscodeignore excludes node_modules, src, .vscode-test, and all dev files
• Confirmed the VSIX has no binaries, native modules, or extraneous files
• Rebuilt and re-uploaded multiple times

Request

Could you please manually review the extension and unblock publishing? I suspect the automated scanner is flagging the
extension because it targets credential files (.env, secrets.yaml) and uses keywords like "secrets" and "masking", but
the extension only applies visual decorations and has no data exfiltration capability.

Thank you.

[madhurivadaligithub]

Thanks for reaching out and raising this issue. Please contact our support alias at VSMarketplace@microsoft.com for a prompt response