Is __MSG_extName__ safe to use?

__MSG_extName__ has a risk level of CRITICAL with an overall risk score of 9.4/10. Our scan detected 353 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does __MSG_extName__ request?

__MSG_extName__ requests the following permissions: tabs, power, storage, unlimitedStorage, desktopCapture, tabCapture, cookies, activeTab, contextMenus, scripting, offscreen, alarms, downloads. It also requests host access to: *://*.awesomescreenshot.com/, , http://*/*, https://*/*, https://mail.google.com/*, https://inbox.google.com/*.

What is __MSG_extName__'s risk score?

__MSG_extName__ has an overall risk score of 9.4/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 3.9/10.

ExtSafe

__MSG_extName__Security Analysis

Chromev4.4.36MV3February 16, 2026 at 03:31 PM

9.4CRITICAL

9.4 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 19 permissions including high-risk ones, 341 code findings, 3 dangerous combinations.

Dangerous Combinations(3)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

HIGHTab tracking + external communication

Extension tracks open tabs and communicates with external servers — potential browsing surveillance.

tabs+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

3.9/10

Permissions(19 analyzed)

Code Findings(28 patterns, 341 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 2 external pattern(s). Verify these are trusted origins.

External Domains(39)

accounts.google.comapi.inboxsdk.comapp.box.comapp.hubspot.comapps.apple.comapps.microsoft.comawesomescreenshot.s3.amazonaws.comblog.awesomescreenshot.comcdn.loom.comcdn.webrtc-experiment.comcontent.dropboxapi.comdrive.google.comfb.megithub.comguideid.atlassian.comjspdf.default.namespaceurimacmail.google.commyaccount.google.people-pa.clients6.google.compluspreview.diigo.compubsub.googleapis.comradish-blueberry-jd5breactjs.orgsider.aissl.gstatic.comsupport.awesomescreenshot.comupload.box.comwindowswww.awesomescreenshot.comwww.dropbox.comwww.google-analytics.comwww.googleapis.comwww.gstatic.comwww.inboxsdk.comwww.vidline.comyoutu.be