Is Primus safe to use?

Primus has a risk level of HIGH with an overall risk score of 7.4/10. Our scan detected 101 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Primus request?

Primus requests the following permissions: storage, unlimitedStorage, offscreen, webRequest, scripting. It also requests host access to: , https://padolabs.org/*, https://www.padolabs.org/*, https://events.padolabs.org/*, http://api-dev.padolabs.org:9094/*, http://api-dev.padolabs.org:8081/*, https://primuslabs.xyz/*, https://twitter.com/intent/follow?screen_name=primus_labs, https://x.com/intent/follow?screen_name=primus_labs, https://x.com/intent/follow?screen_name=monad_xyz, http://localhost:5173/*, http://api-dev.padolabs.org:38082/*, http://api-dev.padolabs.org:38089/*, https://dev.primuslabs.xyz/*, http://35.200.124.249/*, https://luckydraw.primuslabs.xyz/*, https://test-luckydraw.primuslabs.xyz/*, https://x.com/intent/follow?screen_name=*, https://x.com/intent/retweet?tweet_id=*, http://api-dev.padolabs.org:38098/*, http://app.primuslabs.xyz/*, https://app.primuslabs.xyz/*, http://localhost:5174/*, http://api-dev.padolabs.org:38093/*, http://pay.primuslabs.xyz/*, https://pay.primuslabs.xyz/*.

What is Primus's risk score?

Primus has an overall risk score of 7.4/10 (HIGH). Breakdown: Permissions 7.0/10, Code 9.8/10, Combinations 10.0/10, CSP 4.6/10.

ExtSafe

PrimusSecurity Analysis

Chromev0.3.45MV3February 18, 2026 at 12:10 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

7.4HIGH

7.4 HIGHRaw: 8.2

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 31 permissions including high-risk ones, 73 code findings, 2 dangerous combinations.

Trust Signals(2.5/10)

Users

80K

Rating

4.3(73 reviews)

Dangerous Combinations(2)

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

9.8/10

Combinations

10.0/10

Manifest/CSP

4.6/10

Permissions(31 analyzed)

Code Findings(21 patterns, 73 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(3 findings)

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(137)

accounts.binance.comace.ioadamwdraper.github.comalpaca.marketsapi-cloud.{hostnameapi-pub.bitfinex.comapi-public.sandbox.pro.coinbase.comapi-test.ascendex-sandbox.comapi-testnet.{hostnameapi.bequant.ioapi.binance.comapi.binance.usapi.bitfinex.comapi.bitforex.comapi.bitopro.comapi.bitso.comapi.bittrex.comapi.bitvavo.comapi.bkex.comapi.bl3p.euapi.blockchain.comapi.btcmarkets.netapi.btcturk.comapi.coinbase.comapi.coinex.comapi.exchange.bitpanda.comapi.wallet.coinbase.comapi.{hostnameapidocs.bithumb.comascendex.comascendex.github.ioat.alicdn.comb1.runbequant.iobig.onebigone.zendesk.combinance-docs.github.iobit2c.co.ilbitbank.ccbitbns.combitflyer.combitgetlimited.github.iobitonic.nlbitrue.zendesk.combitso.combittrex.combittrex.github.iobittrex.zendesk.combitvavo.combkexapi.github.iobl3p.eublockchain.comblog.btcbox.jpbtc-alpha.combtc-alpha.github.iobtc-trade.com.uabtcmarkets.netbybit-exchange.github.iocex.iocoincheck.comdapi.binance.comdata.{hostnamedeveloper-pro.bitmart.comdevelopers.bitpanda.comdevelopers.coinbase.comdocs.bitbank.ccdocs.bitfinex.comdocs.bitvavo.comdocs.cloud.coinbase.comdocs.ethers.iodocs.exchange.coinbase.comdocs.google.comdocs.metamask.iodocs.pro.coinbase.comeapi.binance.comeips.ethereum.orgemscripten.orgen.bithumb.comexchange.blockchain.comexchange.coinbase.comexplorer-api.walletconnect.comexplorer.walletconnect.comfapi.binance.comfapi.bkex.comfeross.orggateway.ipfs.iogithub.comgraph-api.btcturk.comhelp.bitforex.comhelp.bybit.comhelpcenter.ace.iolightning.bitflyer.comlinks.ethers.orglocalhostmedium.comopen.big.onepaper-api.{hostnamepapi.binance.compro.coinbase.compublic.sandbox.exchange.coinbase.compublic.{hostnameraw.githubusercontent.comreactjs.orgref.bitbns.comsheetjs.comsupport.btcbox.co.jpsupport.coinbase.comsupport.pro.coinbase.comtestnet-api.delta.exchangetestnet.binance.visiontestnet.binancefuture.comtestnet.bitmex.comuser-images.githubusercontent.comwww.binance.comwww.binance.uswww.bit2c.co.ilwww.bitfinex.comwww.bitforex.comwww.bitget.ccwww.bitget.comwww.bithumb.comwww.bitmart.comwww.bitmex.comwww.bitopro.comwww.bitpanda.comwww.bitrue.comwww.bitstamp.netwww.bkex.comwww.btcbox.co.jpwww.btcturk.comwww.bybit.comwww.coinbase.comwww.coinex.comwww.ethercluster.comwww.okx.comwww.walletlink.org{hostname