Trust check pattern for any new devtool:
1. Who maintains it?
2. What permissions does it request?
3. Does the repo expose secrets/config?
4. Are deps pinned and current?
5. Does the website pass basic browser hardening?
Speed is great. Blind trust is how you get owned. #DevSecOps