Is Keyboard History Recorder safe to use?

Keyboard History Recorder has a risk level of HIGH with an overall risk score of 6.5/10. Our scan detected 18 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Keyboard History Recorder request?

Keyboard History Recorder requests the following permissions: storage, unlimitedStorage. It also requests host access to: .

What is Keyboard History Recorder's risk score?

Keyboard History Recorder has an overall risk score of 6.5/10 (HIGH). Breakdown: Permissions 7.0/10, Code 7.6/10, Combinations 10.0/10, CSP 3.1/10.

ExtSafe

Keyboard History RecorderSecurity Analysis

Chromev2.5MV3February 18, 2026 at 12:10 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

6.5HIGH

6.5 HIGHRaw: 7.2

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 3 permissions including high-risk ones, 17 code findings, 1 dangerous combination.

Trust Signals(2.0/10)

Users

10K

Rating

4.7(14 reviews)

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

7.6/10

Combinations

10.0/10

Manifest/CSP

3.1/10

Permissions(3 analyzed)

Code Findings(10 patterns, 17 total)

Libraries(3 detected)

3 libraries detected, 1 with known vulnerabilities

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(1 finding)

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(8)

datatables.netfurtelec.comgetbootstrap.comgithub.compopper.js.orgsoftwarespk.comstackpath.bootstrapcdn.comwww.datatables.net

Indicators of Compromise

5 indicators of compromise found

File Statistics

Total Files

JS Files

621.8 KB

Total Size

Other Scanned Extensions

1Password – Password Manager

7.4 HIGH

WebP / Avif image converter

6.3 HIGH

1Password – Password Manager

7.4 HIGH

AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and Notion

6.6 HIGH