Is Rewards Search Automator safe to use?

Rewards Search Automator has a risk level of HIGH with an overall risk score of 6.6/10. Our scan detected 26 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Rewards Search Automator request?

Rewards Search Automator requests the following permissions: tabs, storage, alarms, browsingData, webNavigation, history, debugger. It also requests host access to: , *://*.bing.com/*.

What is Rewards Search Automator's risk score?

Rewards Search Automator has an overall risk score of 6.6/10 (HIGH). Breakdown: Permissions 9.5/10, Code 7.9/10, Combinations 7.0/10, CSP 1.7/10.

ExtSafe

Rewards Search AutomatorSecurity Analysis

Chromev1.6.5MV3February 18, 2026 at 12:11 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

6.6HIGH

6.6 HIGHRaw: 7.3

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 9 permissions including high-risk ones, 19 code findings, 1 dangerous combination.

Trust Signals(2.5/10)

Users

80K

Rating

4.3(811 reviews)

Dangerous Combinations(1)

HIGHHistory access + external communication

Extension reads browsing history and sends data externally — potential history exfiltration.

history+external network request

Permissions

9.5/10

Code

7.9/10

Combinations

7.0/10

Manifest/CSP

1.7/10

Permissions(9 analyzed)

Code Findings(11 patterns, 19 total)

Libraries(3 detected)

3 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(0 findings)

No manifest-level concerns found.

External Domains(25)

api.gumroad.combuildwithkt.devchromewebstore.google.comdatahub.iodiscord.gggetprojects.gumroad.comgetprojects.notion.sitegithub.comgumroad.comhostnamejquery.comjquery.orgjsfiddle.netlocalhostmaven.google.commysitepreprod.nom.frrewards.bing.comtnc.buildwithkt.devwww.apple.comwww.bing.comwww.codechef.comwww.mysitewww.youtube.com{mywebsite