[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Datto Autotask and Datto RMM Enhancements

Version 4.2 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Rating: 5.0 ★ (5 ratings)

Users: 300

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating but with only 5 reviews and 300 users, indicating limited adoption and feedback. The lack of visible author and developer information raises transparency concerns. The extension targets specific business tools (Datto Autotask and RMM), suggesting a niche professional use case, but the small user base is unusual for legitimate business software enhancements.

Concerns:

The combination of tabs permission with broad host access creates significant privacy risks. While the host permissions are limited to three specific domains (autotask.net, datto.com, screenconnect.com), the tabs permission allows monitoring of all browser activity across any website. The storage permission, while common, could be used to collect and retain sensitive business data accessed through these platforms. The low user count despite targeting enterprise tools suggests either very new software or limited legitimate adoption.

Recommendations:

Given the high-risk permissions and limited trust indicators, install this extension in a separate Chrome profile dedicated to Datto-related work only. Verify the extension's legitimacy through official Datto channels before use. Monitor the extension's behavior carefully and consider whether the claimed enhancements justify the broad access permissions. If possible, use alternative methods to achieve the same functionality without granting extensive browser permissions.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Datto Autotask and Datto RMM Enhancements",
  "icons": {
    "16": "/images/16.png",
    "32": "/images/32.png",
    "48": "/images/48.png",
    "128": "/images/128.png"
  },
  "action": {},
  "author": "Shammam Consulting Services, Inc.",
  "omnibox": {
    "keyword": "AT"
  },
  "version": "4.2",
  "background": {
    "service_worker": "background.js"
  },
  "options_ui": {
    "page": "options.html",
    "open_in_tab": true
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Adds buttons and functionality to Datto's Autotask and RMM websites and to ScreenConnect when accessed via Datto RMM.",
  "permissions": [
    "tabs",
    "scripting",
    "storage",
    "alarms"
  ],
  "host_permissions": [
    "*://*.autotask.net/*",
    "*://*.datto.com/*",
    "*://*.screenconnect.com/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "ids": [
      "*"
    ],
    "matches": [
      "*://*.autotask.net/*",
      "*://*.datto.com/*",
      "*://*.screenconnect.com/*"
    ],
    "accepts_tls_channel_id": false
  },
  "optional_host_permissions": [
    "<all_urls>"
  ]
}

by ✦ Astarte

Datto Autotask and Datto RMM Enhancements

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings