Is Clear Cache safe to use?

Clear Cache has a risk level of MEDIUM with an overall risk score of 4.7/10. Our scan detected 56 security findings. This extension has some risks worth reviewing.

What permissions does Clear Cache request?

Clear Cache requests the following permissions: alarms, activeTab, browsingData, declarativeNetRequestWithHostAccess, offscreen, storage, scripting, tabs, idle.

What is Clear Cache's risk score?

Clear Cache has an overall risk score of 4.7/10 (MEDIUM). Breakdown: Permissions 5.0/10, Code 7.5/10, Combinations 4.0/10, CSP 6.5/10.

ExtSafe

Clear CacheSecurity Analysis

Chromev2.3.4.4MV3February 18, 2026 at 11:53 AM

Use with caution

This extension requests significant permissions. It has 1M+ users, a 3.5 star rating, is published by Little Void LLC, but review the findings below.

4.7MEDIUM

4.7 MEDIUMRaw: 5.9

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 9 permissions analyzed, 52 code findings, 1 dangerous combination.

Trust Signals(5.5/10)

Users

1.0M

Rating

3.5(1K reviews)

Developer

Little Void LLC

Status

Featured

Dangerous Combinations(1)

MEDIUMTab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs+tabs API usage + external network

Permissions

5.0/10

Code

7.5/10

Combinations

4.0/10

Manifest/CSP

6.5/10

Permissions(9 analyzed)

Code Findings(16 patterns, 52 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(3 issues)

CRITICAL

script-srcunsafe-eval allowed

The 'unsafe-eval' source allows eval(), new Function(), and similar dynamic code execution — a major code injection risk.

HIGH

script-srcunsafe-inline allowed

The 'unsafe-inline' source allows inline <script> tags and event handlers, enabling script injection attacks.

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(1 finding)

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(19)

${e${ho${i${n.host${r${rs*.paddle.comapi.clearcache.ioapi.paddle.combuymeacoffee.comchromewebstore.google.comclearcache.ioevilmartians.comgithub.comissues.chromium.orgpaddle.netsub.domain.comvuejs.orgwww.w3ctech.com