ExtSafe

Keepa™ - Amazon Price TrackerSecurity Analysis

Chromev5.58MV3February 16, 2026 at 03:13 PM
9.5CRITICAL
9.5 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 22 permissions including high-risk ones, 41 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request
CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request
Permissions
10.0/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
4.5/10

Permissions(22 analyzed)

Code Findings(17 patterns, 41 total)

Content Security Policy

No CSP Defined(1 issue)
MEDIUM
N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(1 finding)

MEDIUM
web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

External Domains(13)

.*cdn.keepa.comdyn-2.keepa.comdyn.keepa.comgraph.keepa.comkeepa.comm.media-amazon.comsellercentralsmile.amazontest.keepa.comwww.amazonwww.amazon.www.amazon.com

Indicators of Compromise

4 indicators of compromise found

File Statistics

14
Total Files
5
JS Files
177.0 KB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL