WAVE Evaluation ToolSecurity Analysis

Chromev3.3.0.4MV3March 1, 2026 at 05:08 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

5.7MEDIUM

5.7 MEDIUMRaw: 7.1

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 7 permissions including high-risk ones, 18 code findings, 1 dangerous combination.

Trust Signals(4.0/10)

Users

700K

Rating

3.8(154 reviews)

Status

Featured

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

6.3/10

Combinations

10.0/10

Manifest/CSP

5.0/10

Permissions(7 analyzed)

Code Findings(12 patterns, 18 total)

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(3)

overlayfactsheet.comwave.webaim.orgwebaim.org

Indicators of Compromise

6 indicators of compromise found

File Statistics

152

Total Files

5

JS Files

958.5 KB

Total Size

Other Scanned Extensions

Obsidian Web Clipper

Save Image As...

Image downloader - Imageye

uBlock Origin Lite