Is Web PKI safe to use?

Web PKI has a risk level of HIGH with an overall risk score of 6.5/10. Our scan detected 35 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Web PKI request?

Web PKI requests the following permissions: nativeMessaging, storage, downloads, tabs. It also requests host access to: http://*/*, https://*/*.

What is Web PKI's risk score?

Web PKI has an overall risk score of 6.5/10 (HIGH). Breakdown: Permissions 8.5/10, Code 6.7/10, Combinations 10.0/10, CSP 1.7/10.

ExtSafe

Web PKISecurity Analysis

Chromev2.17.0MV3February 18, 2026 at 11:38 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.5HIGH

6.5 HIGHRaw: 7.2

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 6 permissions including high-risk ones, 30 code findings, 2 dangerous combinations.

Trust Signals(2.5/10)

Users

3.0M

Rating

2.2(358 reviews)

Dangerous Combinations(2)

CRITICALNative messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging+eval/Function/dynamic code

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

8.5/10

Code

6.7/10

Combinations

10.0/10

Manifest/CSP

1.7/10

Permissions(6 analyzed)

Code Findings(18 patterns, 30 total)

Libraries(1 detected)

1 library detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(0 findings)

No manifest-level concerns found.

External Domains(29)

angular.iobit.lychromewebstore.google.comcloud.lacunasoftware.comcoderwall.comcodingrepo.comcrestidg.comdemos.lacunasoftware.comfx.lacunasoftware.comg.coget.webpkiplugin.comgetwebpkialpha.lacunasoftware.comgetwebpkibeta.lacunasoftware.comgithub.comkevin.vanzonneveld.netlacunasoftware.comlocalhostmaterial.angular.iopki.restraw.githubusercontent.comrestpki.comrestpki.lacunasoftware.comrestpkibeta.azurewebsites.netsnipplr.comstackoverflow.comwww.jsfromhell.comwww.openssl.orgwww.restpki.comwww.winternet.no