[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

店查查-淘宝店铺数据分析-天猫店侦探监控

Version 3.0.2 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Developer: jdchacha.com

Rating: 3.1 ★ (10 ratings)

Users: 10,000

Context-Aware Verdict

HIGH

Overall Risk

Based on 4 total findings, including 3 high-risk findings.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
sidePanel

Host Permissions:

https://s.taobao.com/search*
https://s.taobao.com/list*
https://list.tmall.com/search_product*
https://*.taobao.com/shop/view_shop*
https://*.taobao.com/search*
https://*.taobao.com/category*
https://*.tmall.com/category*
https://*.tmall.com/search*
https://jupage.taobao.com/wow/tttj/act/index
https://g.taobao.com/brand_detail*
https://ju.taobao.com/*
https://ju.tmall.com/*
https://jusp.tmall.com/act/o/*
https://content.tmall.com/wow/pegasus/subject/*
https://www.taobao.com/
https://www.taobao.com/markets/*
https://fuwu.taobao.com/*
https://weike.taobao.com/*
https://newamp.taobao.com/*
https://trade.taobao.com/*
https://buyertrade.taobao.com/*
https://subway.simba.taobao.com/*
https://shoucang.taobao.com/*
https://ai.taobao.com/*
https://www.jdchacha.com/*

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self';
sandbox: sandbox allow-scripts; script-src 'self' https://*.taobao.com; object-src 'self';

Embedded URLs (94 total):

http://www.w3.org/1998/Math/MathML	http://www.w3.org/2000/svg
http://www.w3.org/1999/xhtml	https://github.com/wxt-dev/wxt/issues/371
https://wxt.dev/guide/go-further/testing.html	https://www.jdchacha.com/chajian/help/?fr=
https://www.jdchacha.com/chajian/?uninstall=1&v=	https://clients2.google.com/service/update2/crx
https://ai.taobao.com/	https://buyertrade.taobao.com/
https://chaoshi.detail.tmall.com/item.htm	https://content.tmall.com/wow/pegasus/subject/
https://detail.ju.taobao.com/	https://detail.liangxinyao.com/
https://detail.tmall.com/	https://detail.tmall.hk/
https://fuwu.taobao.com/	https://g.taobao.com/brand_detail.htm
https://item.taobao.com/	https://ju.taobao.com/
https://ju.tmall.com/	https://jupage.taobao.com/wow/tttj/act/index
https://jusp.tmall.com/act/o/	https://list.tmall.com/search_product.htm
https://newamp.taobao.com/	https://s.taobao.com/
https://s.taobao.com/list	https://s.taobao.com/search
https://shoucang.taobao.com/	https://subway.simba.taobao.com/
https://trade.taobao.com/	https://traveldetail.fliggy.com/item.htm
https://weike.taobao.com/	https://www.taobao.com/
https://www.taobao.com/markets/	https://list.tmall.com/search_product
https://g.taobao.com/brand_detail	https://www.jdchacha.com/
https://tailwindcss.com	https://github.com/mozdevs/cssremedy/issues/4
https://github.com/tailwindcss/tailwindcss/pull/116	https://bugzilla.mozilla.org/show_bug.cgi?id=190655
https://bugs.chromium.org/p/chromium/issues/detail?id=999088	https://bugs.webkit.org/show_bug.cgi?id=201297
https://bugs.chromium.org/p/chromium/issues/detail?id=935729	https://bugs.webkit.org/show_bug.cgi?id=195016
https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/forms.css#L728-L737	https://github.com/tailwindlabs/tailwindcss/issues/3300
https://github.com/mozdevs/cssremedy/issues/14	https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210
https://github.com/primer/github-syntax-light	https://svelte.dev/e/effect_in_teardown
https://svelte.dev/e/effect_in_unowned_derived	https://svelte.dev/e/effect_orphan
https://svelte.dev/e/effect_update_depth_exceeded	https://svelte.dev/e/state_descriptors_fixed
https://svelte.dev/e/state_prototype_fixed	https://svelte.dev/e/state_unsafe_mutation
https://svelte.dev/e/lifecycle_outside_component	https://api.jsiwa.top
https://github.com/highlightjs/highlight.js/issues/2277	https://github.com/highlightjs/highlight.js/wiki/security
https://mms.pinduoduo.com/goods/category	https://item.upload.taobao.com/sell/ai/category.htm
https://www.jdchacha.com/chajian/sidepanel	https://html.spec.whatwg.org/multipage/custom-elements.html#valid-custom-element-name
https://github.com/nodeca/pako	https://h5api.m.
https://svelte.dev/e/props_invalid_value	https://ext.jdchacha.com
https://item.taobao.com/item.htm?id=	https://www.jdchacha.com/?from=
https://cdn.amz800.com/dcc/kefu3.png	https://suggest.taobao.com/sug?area=c2c&k=1&q=
https://github.com/ecomfe/zrender/blob/master/LICENSE.txt	http://www.w3.org/1999/xlink
http://www.w3.org/2000/xmlns/	http://www.w3.org/XML/1998/namespace
https://static.jdchacha.com/extension/img/external-link.png	https://static.jdchacha.com/v1/img/common/wx.jpg

Page 1 of 2

Raw Manifest

{
  "name": "店查查-淘宝店铺数据分析-天猫店侦探监控",
  "icons": {
    "16": "icon/16.png",
    "32": "icon/32.png",
    "48": "icon/48.png",
    "96": "icon/96.png",
    "128": "icon/128.png"
  },
  "action": {},
  "version": "3.0.2",
  "background": {
    "service_worker": "background.js"
  },
  "side_panel": {
    "default_path": "sidepanel.html"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "店查查插件极速版本支持淘宝天猫主流电商",
  "permissions": [
    "storage",
    "sidePanel"
  ],
  "content_scripts": [
    {
      "js": [
        "libs/jquery.js",
        "libs/jszip.min.js"
      ],
      "run_at": "document_start",
      "matches": [
        "*://*/*",
        "<all_urls>"
      ]
    },
    {
      "js": [
        "content-scripts/content.js"
      ],
      "run_at": "document_end",
      "matches": [
        "*://*.jdchacha.com/*",
        "*://*.jsiwa.com/*",
        "*://haohuo.jinritemai.com/ecommerce/trade/detail/index.html*",
        "*://mobile.yangkeduo.com/goods*",
        "*://www.xiaohongshu.com/goods-detail/*",
        "https://*.taobao.com/category.htm*",
        "https://*.taobao.com/search.htm*",
        "https://*.taobao.com/shop/view_shop.htm*",
        "https://*.tmall.com/category-*",
        "https://*.tmall.com/category.htm*",
        "https://*.tmall.com/search.htm*",
        "https://ai.taobao.com/*",
        "https://buyertrade.taobao.com/*",
        "https://chaoshi.detail.tmall.com/item.htm*",
        "https://content.tmall.com/wow/pegasus/subject/*",
        "https://detail.ju.taobao.com/*",
        "https://detail.liangxinyao.com/*",
        "https://detail.tmall.com/*",
        "https://detail.tmall.hk/*",
        "https://fuwu.taobao.com/*",
        "https://g.taobao.com/brand_detail.htm*",
        "https://item.taobao.com/*",
        "https://ju.taobao.com/*",
        "https://ju.tmall.com/*",
        "https://jupage.taobao.com/wow/tttj/act/index",
        "https://jusp.tmall.com/act/o/*",
        "https://list.tmall.com/search_product.htm*",
        "https://list.tmall.com/search_product.htm*",
        "https://newamp.taobao.com/*",
        "https://s.taobao.com/*",
        "https://s.taobao.com/list*",
        "https://s.taobao.com/search*",
        "https://shoucang.taobao.com/*",
        "https://subway.simba.taobao.com/*",
        "https://trade.taobao.com/*",
        "https://traveldetail.fliggy.com/item.htm*",
        "https://weike.taobao.com/*",
        "https://www.taobao.com/",
        "https://www.taobao.com/markets/*"
      ]
    }
  ],
  "host_permissions": [
    "https://s.taobao.com/search*",
    "https://s.taobao.com/list*",
    "https://list.tmall.com/search_product*",
    "https://*.taobao.com/shop/view_shop*",
    "https://*.taobao.com/search*",
    "https://*.taobao.com/category*",
    "https://*.tmall.com/category*",
    "https://*.tmall.com/search*",
    "https://jupage.taobao.com/wow/tttj/act/index",
    "https://g.taobao.com/brand_detail*",
    "https://ju.taobao.com/*",
    "https://ju.tmall.com/*",
    "https://jusp.tmall.com/act/o/*",
    "https://content.tmall.com/wow/pegasus/subject/*",
    "https://www.taobao.com/",
    "https://www.taobao.com/markets/*",
    "https://fuwu.taobao.com/*",
    "https://weike.taobao.com/*",
    "https://newamp.taobao.com/*",
    "https://trade.taobao.com/*",
    "https://buyertrade.taobao.com/*",
    "https://subway.simba.taobao.com/*",
    "https://shoucang.taobao.com/*",
    "https://ai.taobao.com/*",
    "https://www.jdchacha.com/*"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "sandbox": "sandbox allow-scripts; script-src 'self' https://*.taobao.com; object-src 'self';",
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "injected.js",
        "content-scripts/content.css",
        "tailwind.css",
        "assets/*",
        "icon/*",
        "libs/*"
      ]
    }
  ]
}

by ✦ Astarte

店查查-淘宝店铺数据分析-天猫店侦探监控

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (94 total):

Raw Manifest

Detections

Manifest Findings