Is WOT: Website Security & Safety Checker safe to use?

WOT: Website Security & Safety Checker has a risk level of HIGH with an overall risk score of 6.3/10. Our scan detected 111 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does WOT: Website Security & Safety Checker request?

WOT: Website Security & Safety Checker requests the following permissions: tabs, contextMenus, webNavigation, webRequest, declarativeNetRequest, declarativeNetRequestFeedback, storage, scripting, alarms. It also requests host access to: http://www.mywot.com/*, http://api.mywot.com/*, https://api.mywot.com/*, http://*/*, https://*/*, *://*.mywot.com/*.

What is WOT: Website Security & Safety Checker's risk score?

WOT: Website Security & Safety Checker has an overall risk score of 6.3/10 (HIGH). Breakdown: Permissions 8.0/10, Code 8.2/10, Combinations 10.0/10, CSP 4.3/10.

ExtSafe

WOT: Website Security & Safety CheckerSecurity Analysis

Chromev5.9.2MV3February 18, 2026 at 12:07 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

High2016-11Resolved

Selling 'anonymized' but traceable user browsing data

WOT collected full browsing histories and sold supposedly anonymized data that journalists were able to de-anonymize and trace back to individual users.

View source →

6.3HIGH

6.3 HIGHRaw: 7.9

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 15 permissions including high-risk ones, 99 code findings, 2 dangerous combinations.

Trust Signals(5.5/10)

Users

700K

Rating

4.3(11K reviews)

Status

Featured

Dangerous Combinations(2)

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

8.0/10

Code

8.2/10

Combinations

10.0/10

Manifest/CSP

4.3/10

Permissions(15 analyzed)

Code Findings(25 patterns, 99 total)

Libraries(3 detected)

3 libraries detected, 2 with known vulnerabilities

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: WOT: Website Security & Safety Checker

Description: Stay safe online with WOT, the ultimate website security and safety check extension

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(51)

$1.${app_mywot_host_url${e${k${r${root______addons.mozilla.orgaddons.opera.comanalytics.api.mywot.comapi.mywot.comapp.${rootapp.mywot.comauth.api.mywot.combit.lybugs.chromium.orgcdn.growthbook.iochromewebstore.google.comdocs.google.comecma-international.orgexample.comfacebook.github.iofb.megithub.comgoo.glgrowthbook.mywot.comitunes.apple.comjquery.orgleak.api.mywot.comlodash.commicrosoftedge.microsoft.comnpms.ioplay.google.complus.google.comreactjs.orgscore.mywot.comscorecard.api.mywot.comsecure.mywot.comstatic.${rootstatic.mywot.comsupport.mywot.comtest-79856.firebaseio.comtwitter.comunderscorejs.orguser.api.mywot.comweb.whatsapp.comwotsurveys.typeform.comwww.ecma-international.orgwww.facebook.comwww.mywot.com