Is Dungeon Dodge safe to use?

Dungeon Dodge has a risk level of HIGH with an overall risk score of 6.3/10. Our scan detected 12 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Dungeon Dodge request?

Dungeon Dodge requests the following permissions: scripting, storage, alarms. It also requests host access to: .

What is Dungeon Dodge's risk score?

Dungeon Dodge has an overall risk score of 6.3/10 (HIGH). Breakdown: Permissions 7.0/10, Code 6.3/10, Combinations 10.0/10, CSP 4.3/10.

ExtSafe

Dungeon DodgeSecurity Analysis

Chromev1.0.4MV3February 18, 2026 at 11:38 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.3HIGH

6.3 HIGHRaw: 7.0

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 4 permissions including high-risk ones, 10 code findings, 1 dangerous combination.

Trust Signals(2.8/10)

Users

10K

Rating

4.6(20 reviews)

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

6.3/10

Combinations

10.0/10

Manifest/CSP

4.3/10

Permissions(4 analyzed)

Code Findings(9 patterns, 10 total)

Libraries(1 detected)

1 library detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Dungeon Dodge

Description: Master the Perilous Dungeons: Conquer Dungeon Dodge Anytime, Anywhere Offline

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(1)

github.com

Indicators of Compromise

6 indicators of compromise found

File Statistics

Total Files

JS Files

698.0 KB

Total Size

Other Scanned Extensions

1Password – Password Manager

7.4 HIGH

WebP / Avif image converter

6.3 HIGH

1Password – Password Manager

7.4 HIGH

AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and Notion

6.6 HIGH