[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

GitHub DeepWiki Button (Unofficial)

Version 1.0.4 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 5.0 ★ (4 ratings)

Users: 1,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating, though based on only 4 reviews, which limits reliability. With 1,000 users, it has modest adoption but lacks extensive community validation. The unofficial nature and absence of clear developer information raises transparency concerns. The specific focus on GitHub integration suggests legitimate functionality, but the limited user base and review count make it difficult to establish strong trust.

Concerns:

The extension requests scripting permissions and host access specifically to GitHub, which aligns with its stated purpose of adding DeepWiki functionality. However, the broad host permissions flag indicates potential for data access beyond what's necessary. The lack of developer information makes it difficult to verify the creator's reputation or intentions. The "unofficial" designation means it's not endorsed by GitHub or DeepWiki, adding uncertainty about ongoing support and security updates.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to development work if you frequently use GitHub and find the DeepWiki integration valuable. Monitor the extension's behavior and disable it if you notice any unexpected activity. Look for official alternatives or more established extensions with similar functionality. Given the medium risk and limited trust factors, only install if the DeepWiki integration is essential to your workflow, and regularly review whether continued use is justified.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://github.com/*. Ensure you trust this extension with access to these sites.

Raw Manifest

{
  "name": "GitHub DeepWiki Button (Unofficial)",
  "icons": {
    "16": "images/icon-16.png",
    "19": "images/icon-19.png",
    "32": "images/icon-32.png",
    "38": "images/icon-38.png",
    "48": "images/icon-48.png",
    "64": "images/icon-64.png",
    "128": "images/icon-128.png"
  },
  "version": "1.0.4",
  "background": {
    "service_worker": "scripts/background.js"
  },
  "short_name": "gh-deepwiki",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDescription__",
  "permissions": [
    "scripting"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "scripts/content.js"
      ],
      "css": [
        "styles/content.css"
      ],
      "run_at": "document_start",
      "matches": [
        "https://github.com/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "https://github.com/*"
  ],
  "manifest_version": 3,
  "minimum_chrome_version": "88.0",
  "web_accessible_resources": [
    {
      "matches": [
        "https://github.com/*"
      ],
      "resources": [
        "images/icon-16.png",
        "images/icon-19.png",
        "images/icon-32.png",
        "images/icon-38.png",
        "images/icon-48.png",
        "images/icon-64.png",
        "images/icon-128.png"
      ]
    }
  ]
}

by ✦ Astarte

GitHub DeepWiki Button (Unofficial)

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://github.com/
https://deepwiki.com/	https://github.com/yamadashy/github-deepwiki