Is YesCaptcha assistant safe to use?

YesCaptcha assistant has a risk level of HIGH with an overall risk score of 7.0/10. Our scan detected 51 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does YesCaptcha assistant request?

YesCaptcha assistant requests the following permissions: storage, contextMenus, alarms. It also requests host access to: , http://*/*, https://*/*.

What is YesCaptcha assistant's risk score?

YesCaptcha assistant has an overall risk score of 7.0/10 (HIGH). Breakdown: Permissions 7.0/10, Code 9.3/10, Combinations 10.0/10, CSP 3.1/10.

ExtSafe

YesCaptcha assistantSecurity Analysis

Chromev1.3.4MV3February 18, 2026 at 12:12 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

7.0HIGH

7.0 HIGHRaw: 7.8

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 6 permissions including high-risk ones, 48 code findings, 1 dangerous combination.

Trust Signals(3.5/10)

Users

100K

Rating

4.2(22 reviews)

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

9.3/10

Combinations

10.0/10

Manifest/CSP

3.1/10

Permissions(6 analyzed)

Code Findings(13 patterns, 48 total)

Libraries(2 detected)

2 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(1 finding)

Resolved from __MSG_* i18n placeholders:

Name: YesCaptcha assistant

Description: captcha assistant

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

External Domains(10)

api.yescaptcha.comappleid.apple.comdev.yescaptcha.comdiscord.comgithub.commui.commysignins.microsoft.complugin-api.yescaptcha.comreactjs.orgyescaptcha.com