ExtSafe

Eye DropperSecurity Analysis

Chromev4.10.3.12MV3February 18, 2026 at 11:54 AM
Use with caution

This extension requests significant permissions. It has 1M+ users, a 2.8 star rating, but review the findings below.

3.1MEDIUM
3.1 MEDIUMRaw: 3.9

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 3 permissions analyzed, 13 code findings.

Trust Signals(5.0/10)

Users
1.0M
Rating
2.8(3K reviews)
Status
Featured
Permissions
3.0/10
Code
6.3/10
Combinations
0.0/10
Manifest/CSP
5.0/10

Permissions(3 analyzed)

Code Findings(6 patterns, 13 total)

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

HIGH
web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(8)

chromewebstore.google.comeyedropper.orggithub.comgomakethings.commicrosoftedge.microsoft.comsvelte.devvanillajstoolkit.comwww.extensions-hub.com

Indicators of Compromise

7 indicators of compromise found

File Statistics

23
Total Files
7
JS Files
347.8 KB
Total Size

Other Scanned Extensions

Obsidian Web Clipper
4.8 MEDIUM
ProKeys
5.2 MEDIUM
Save Image As...
3.7 MEDIUM
Image downloader - Imageye
4.2 MEDIUM
uBlock Origin Lite
5.7 MEDIUM
Stream Cleaner
4.3 MEDIUM