ExtSafe
Free browser extension security scanner

Is your Chrome extension safe?

Paste a Chrome Web Store, Edge Add-ons, or Firefox AMO URL and get a privacy & security risk report in seconds.

363
Extensions Analyzed

Permission Analysis

Evaluates 82 known permission risk profiles across all manifest versions, including host permissions and content script patterns.

Code Scanning

26+ regex patterns, AST analysis, entropy detection, and vulnerable library identification across all JavaScript files.

CSP & Manifest

Analyzes Content Security Policy, web_accessible_resources, externally_connectable, and other manifest-level security indicators.

Risk Intelligence

Combination risk detection pairs permissions with code patterns to identify session theft, keylogging, and data exfiltration behaviors.

How It Works

1

Paste URL

Copy the store URL of any Chrome, Edge, or Firefox extension

2

We Analyze

Download, unpack, and run 9 security analysis layers

3

Get Report

Receive a detailed security risk report in seconds

What We Check

Permission Analysis

  • 82 permission risk profiles
  • Host pattern analysis
  • MV2 & MV3 support
  • Content script auditing

Code Scanning

  • 26+ suspicious patterns
  • AST-level analysis
  • Entropy & obfuscation detection
  • Vulnerable library detection

Security Policy

  • CSP directive evaluation
  • Manifest field analysis
  • External connectivity checks
  • i18n name resolution

Risk Intelligence

  • 8 combination risk rules
  • IOC extraction
  • External domain mapping
  • Multi-signal scoring

Frequently Asked Questions

How does ExtSafe work?

ExtSafe downloads the extension package, unpacks it, and runs 9 security analysis layers including permission analysis, code pattern scanning, AST analysis, entropy detection, CSP evaluation, manifest inspection, vulnerable library detection, IOC extraction, and combination risk detection. Results are delivered in seconds.

Is ExtSafe free?

Yes, ExtSafe is completely free to use. You can scan any Chrome, Edge, or Firefox extension without creating an account or paying anything.

What browsers are supported?

ExtSafe supports extensions from three major browser extension stores: Chrome Web Store, Microsoft Edge Add-ons, and Firefox Add-ons (AMO). Simply paste the store URL of any extension from these platforms.

Is my Chrome extension safe?

Paste the Chrome Web Store URL of your extension into ExtSafe to find out. We analyze permissions, scan for malicious code patterns, check for vulnerable libraries, and detect dangerous permission-code combinations to give you a comprehensive risk score.

What does the risk score mean?

The risk score ranges from 0 to 10, where 0 means minimal risk and 10 means critical risk. It is calculated from four components: permission sensitivity, suspicious code patterns, dangerous permission-code combinations, and CSP/manifest configuration issues. Extensions are classified as LOW, MEDIUM, HIGH, or CRITICAL risk.

Ready to check your extensions?

It only takes a few seconds.