Is ColorPick Eyedropper safe to use?

ColorPick Eyedropper has a risk level of CRITICAL with an overall risk score of 9.6/10. Our scan detected 74 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does ColorPick Eyedropper request?

ColorPick Eyedropper requests the following permissions: activeTab, tabs, scripting, storage, clipboardWrite. It also requests host access to: , http://vidsbee.com/OrderComplete.php*, https://vidsbee.com/OrderComplete.php*.

What is ColorPick Eyedropper's risk score?

ColorPick Eyedropper has an overall risk score of 9.6/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 6.3/10.

ExtSafe

ColorPick EyedropperSecurity Analysis

Chromev0.0.3.3MV3February 16, 2026 at 03:40 PM

9.6CRITICAL

9.6 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 8 permissions including high-risk ones, 68 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

6.3/10

Permissions(8 analyzed)

Code Findings(17 patterns, 68 total)

Libraries(2 detected)

2 libraries detected, 2 with known vulnerabilities

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Name: ColorPick Eyedropper

Description: A zoomed eyedropper & color chooser tool that allows you to select color values from webpages and more.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(18)

addons.mozilla.orgdevelopers.google.comgithub.comitunes.apple.commicrosoftedge.microsoft.commjijackson.compixabay.complay.google.comsafebrowsing.googleapis.comstackoverflow.comvidsbee.comwww.amazon.comwww.javascripter.netwww.microsoft.comwww.paypal.comwww.paypalobjects.comwww.urltocheck1.orgwww.vidsbee.com