ExtSafe

Microsoft Power AutomateSecurity Analysis

Chromev2.61.0.32MV3February 16, 2026 at 03:17 PM
8.8CRITICAL
8.8 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 9 permissions including high-risk ones, 96 code findings, 1 dangerous combination.

Dangerous Combinations(1)

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request
Permissions
10.0/10
Code
10.0/10
Combinations
7.0/10
Manifest/CSP
1.0/10

Permissions(9 analyzed)

Code Findings(8 patterns, 96 total)

Libraries(4 detected)

4 libraries detected

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(0 findings)

Resolved from __MSG_* i18n placeholders:

Name: Microsoft Power Automate

Description: Add-on for enabling web automation. This web extension is compatible with Power Automate for desktop version 2.27 or later.

No manifest-level concerns found.

External Domains(5)

github.comjquery.comjquery.orgjs.foundationsizzlejs.com

Indicators of Compromise

16 indicators of compromise found

File Statistics

59
Total Files
7
JS Files
3.0 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL