Is Continue safe?
Continue.dev is the open-source autonomous-coding plugin (VS Code + JetBrains). Like Cline, it executes operations without per-step approval.
TL;DR
Continue carries the same autonomous-edit blast radius as Cline. The April 2026 Bitwarden CLI hijack specifically hunted for `.continue/` paths.
How it fails in production
Autonomous-edit blast radius
Same as Cline.
.continue/ credential capture
The April 2026 Bitwarden CLI malware specifically searched this dot-directory.
MCP integration risks
Continue ships MCP support, so the April 2026 Anthropic MCP RCE applies.
How to ship safely on Continue
- Add `.continue/` to `.gitignore` and `.npmignore`
- Configure Continue's allowlist to exclude destructive operations
- Securie reviews every Continue-committed change
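The first item in the list above can be checked mechanically. The script below is an added example, not code from Continue or Securie, and the function names `ignores_continue` and `check_repo` are its own. It relies on two behaviours of git and npm: npm reads `.npmignore` instead of `.gitignore` when both exist, and an ignore rule does not untrack files that were committed before the rule was added.

```shell
# Added example: audit a project for the `.continue/` ignore rules listed above.
# Return 0 if ignore file $1 has an active rule covering the .continue directory.
ignores_continue() {
    [ -f "$1" ] || return 1
    covered=1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/[[:space:]]*$//')
        case "$line" in
            .continue|.continue/|/.continue|/.continue/|'**/.continue'|'**/.continue/') covered=0 ;;
            # Conservative: any later negation mentioning .continue is flagged for review.
            '!'*.continue*) covered=1 ;;
        esac
    done < "$1"
    return "$covered"
}

# Audit directory $1 (default: current dir); print findings, return the failure count.
check_repo() {
    dir=${1:-.}
    fails=0
    if ! ignores_continue "$dir/.gitignore"; then
        echo "FAIL: .gitignore has no active rule for .continue/"
        fails=$((fails + 1))
    fi
    # With a .npmignore present, npm no longer falls back to .gitignore.
    if [ -f "$dir/package.json" ] && [ -f "$dir/.npmignore" ] \
        && ! ignores_continue "$dir/.npmignore"; then
        echo "FAIL: .npmignore exists but does not exclude .continue/"
        fails=$((fails + 1))
    fi
    # Files committed before the rule was added stay tracked until removed from the index.
    if command -v git >/dev/null 2>&1 \
        && git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        tracked=$(git -C "$dir" ls-files -- .continue | head -n 5)
        if [ -n "$tracked" ]; then
            echo "FAIL: files under .continue/ are already tracked (git rm --cached):"
            echo "$tracked"
            fails=$((fails + 1))
        fi
    fi
    if [ "$fails" -eq 0 ]; then echo "OK: .continue/ is excluded"; fi
    return "$fails"
}
```

Source the file in a pre-commit hook or CI step and call `check_repo .`; a non-zero return means at least one path by which `.continue/` could reach a commit or a published package is still open.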
What Securie covers
agent-scope + mcp-guard + secret_scanner.
Verdict
Continue is safe with allowlist + `.gitignore` discipline. The autonomous-edit, MCP-trust, and credential-leak surfaces all need explicit closure.