Is SponsorBlock for YouTube - Skip Sponsorships safe to use?

SponsorBlock for YouTube - Skip Sponsorships has a risk level of LOW with an overall risk score of 2.7/10. Our scan detected 49 security findings. This extension appears relatively safe.

What permissions does SponsorBlock for YouTube - Skip Sponsorships request?

SponsorBlock for YouTube - Skip Sponsorships requests the following permissions: storage, scripting, unlimitedStorage. It also requests host access to: https://*.youtube.com/*, https://sponsor.ajay.app/*, https://www.youtube-nocookie.com/embed/*.

What is SponsorBlock for YouTube - Skip Sponsorships's risk score?

SponsorBlock for YouTube - Skip Sponsorships has an overall risk score of 2.7/10 (LOW). Breakdown: Permissions 7.0/10, Code 3.7/10, Combinations 0.0/10, CSP 5.0/10.

ExtSafe

SponsorBlock for YouTube - Skip SponsorshipsSecurity Analysis

Chromev6.1.2MV3March 16, 2026 at 07:03 PM

Safe to use

This extension appears safe based on its code analysis and 2M+ users, a 4.7 star rating.

2.7LOW

2.7 LOWRaw: 4.1

This extension shows low risk. Some minor findings were detected but nothing that raises significant concern.

Based on 6 permissions including high-risk ones, 45 code findings.

Trust Signals(6.0/10)

Users

2.0M

Rating

4.7(3K reviews)

Status

Featured

Permissions

7.0/10

Code

3.7/10

Combinations

0.0/10

Manifest/CSP

5.0/10

Permissions(6 analyzed)

Code Findings(13 patterns, 45 total)

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: SponsorBlock for YouTube - Skip Sponsorships

Description: Skip sponsorships, subscription begging and more on YouTube videos. Report sponsors on videos you watch to save others' time.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(20)

*.ajay.appblog.ajay.appbugs.webkit.orgchat.sponsor.ajay.appcreativecommons.orgdearrow.ajay.appdiscord.gggist.github.comgithub.commatrix.tomchang.nameraw.githubusercontent.comreactjs.orgsponsor.ajay.appwiki.sponsor.ajay.appwww.flaticon.comwww.youtube.comyoutu.beyoutube.com