Extension Details
Context-Aware Verdict
The extension has a solid user base of 200,000 users with a strong 4.6-star rating from 678 reviews, indicating positive user experiences. The developer provides a dedicated website for the extension, suggesting some level of commitment and transparency. The extension uses Manifest V3, which is the more secure and modern extension framework.
The primary concern is the broad content script injection across all HTTP and HTTPS websites. While the extension only requests storage permissions, the ability to run scripts on every website you visit creates potential privacy and security implications. The storage permission, while necessary for functionality, could be used to collect and store browsing data. The lack of specific host permissions means the extension operates universally rather than on targeted sites, which may be excessive depending on its actual purpose.
Given the moderate user base and positive ratings, this extension appears relatively trustworthy for general use. However, if you're particularly privacy-conscious, consider reviewing what data the extension actually collects by checking its privacy policy on the developer's website. Monitor your browsing experience for any unexpected behavior. The risk level remains low due to limited permissions, but the universal content script access warrants some caution. Running in a separate profile isn't necessary unless you handle highly sensitive information regularly.
Findings
Security Analysis Details
Required Permissions:
- storage
Embedded URLs (6 total):
| https://clients2.google.com/service/update2/crx | https://zokuzoku.github.io/cat-gatekeeper/#faq | |
| https://zokuzoku.github.io/ja/cat-gatekeeper/#faq | https://zokuzoku.github.io/cat-gatekeeper/desktop/ | |
| https://zokuzoku.github.io/ja/cat-gatekeeper/desktop/ | https://zokuzoku.github.io/cat-gatekeeper/ |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "assets/nekoicon16.png", "48": "assets/nekoicon48.png", "128": "assets/nekoicon128.png" }, "action": { "default_icon": { "16": "assets/nekoicon16.png", "48": "assets/nekoicon48.png" }, "default_popup": "popup.html", "default_title": "__MSG_appName__" }, "version": "1.1.8", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDescription__", "permissions": [ "storage" ], "default_locale": "en", "content_scripts": [ { "js": [ "shared.js", "content.js" ], "matches": [ "http://*/*", "https://*/*" ] } ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "assets/*", "content.css" ] } ], "browser_specific_settings": { "gecko": { "id": "cat-gatekeeper@nagomi.designer", "strict_min_version": "142.0", "data_collection_permissions": { "optional": [], "required": [ "none" ] } } } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.