ExtSafe

ClassLink OneClick ExtensionSecurity Analysis

Chromev12.6MV3February 18, 2026 at 11:40 AM
Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.3HIGH
6.3 HIGH

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 9 permissions including high-risk ones, 18 code findings, 1 dangerous combination.

Trust Signals(1.0/10)

Rating
3.0(593 reviews)

Dangerous Combinations(1)

MEDIUMTab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs+tabs API usage + external network
Permissions
7.0/10
Code
8.0/10
Combinations
4.0/10
Manifest/CSP
4.3/10

Permissions(9 analyzed)

Code Findings(13 patterns, 18 total)

Libraries(2 detected)

2 libraries detected, 1 with known vulnerabilities

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(4)

analytics-log-beta.classlink.ioanalytics-log.classlink.iobetalaunchpad.classlink.combetamyapps.classlink.com

Indicators of Compromise

11 indicators of compromise found

File Statistics

27
Total Files
5
JS Files
323.0 KB
Total Size

Other Scanned Extensions

Permanent clipboard
6.2 HIGH
Snippet Manager
6.4 HIGH
1Password – Password Manager
7.4 HIGH
WebP / Avif image converter
6.3 HIGH
1Password – Password Manager
7.4 HIGH
AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and Notion
6.6 HIGH