Tonalis Audio RecorderSecurity Analysis

Dynamically sets a script's src attribute to load external code at runtime.

Injects and executes scripts in web pages programmatically.

Object.defineProperty() called on window — can intercept and override built-in browser APIs.

Sends messages via Chrome runtime, could communicate with external services.

Line exceeds 5000 characters (entropy: 5.519847143798235)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Creates a Web Worker, which runs code in a separate thread — can be used for background computation or crypto mining.