Shadowban Scanner for Twitter / X
Version 4.1.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 40,000 users and a decent rating of 3.8/5, suggesting general user satisfaction. The specific purpose of detecting Twitter/X shadowbans is legitimate and addresses a real user concern. The developer domain appears dedicated to this functionality, which adds some credibility. However, the relatively low number of reviews (32) compared to the user base may indicate limited user engagement or feedback.
The primary concern is the broad host permissions for Twitter/X domains, which grants extensive access to all content on these platforms. While the storage permission is standard for functionality, the extension can potentially access all user interactions, tweets, direct messages, and personal data on Twitter/X. The high-risk finding regarding broad host permissions is particularly concerning given the sensitive nature of social media data. The extension could theoretically monitor all Twitter/X activity, not just shadowban detection.
Consider running this extension in a separate Chrome profile dedicated to Twitter/X usage to limit potential data exposure from other browsing activities. Regularly review the extension's behavior and disable it when not actively checking for shadowbans. Monitor for any unusual network activity or data requests. Given the moderate risk level, users should weigh the utility of shadowban detection against the broad access permissions required.
Findings
Security Analysis Details
Required Permissions:
- storage
Host Permissions:
- https://*.twitter.com/*
- https://*.x.com/*
Embedded URLs (47 total):
| https://clients2.google.com/service/update2/crx | https://shadowban-scanner.roboin.io/ | |
| https://x.com/keita_roboin | https://github.com/Robot-Inventor/shadowban-scanner/blob/main/LICENSE | |
| http://www.w3.org/2000/svg | https://github.com/lit/lit.git | |
| https://registry.npmjs.org/@lit/reactive-element/-/reactive-element-2.1.2.tgz | https://github.com/material-components/material-web.git | |
| https://registry.npmjs.org/@material/web/-/web-2.4.1.tgz | http://www.apache.org/licenses/ | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://github.com/Robot-Inventor/ts-utils.git | |
| https://registry.npmjs.org/@robot-inventor/ts-utils/-/ts-utils-0.8.6.tgz | https://github.com/Robot-Inventor/async-query.git | |
| https://registry.npmjs.org/async-query/-/async-query-3.0.3.tgz | https://registry.npmjs.org/lit/-/lit-3.3.2.tgz | |
| https://registry.npmjs.org/lit-element/-/lit-element-4.2.2.tgz | https://registry.npmjs.org/lit-html/-/lit-html-3.3.2.tgz | |
| https://github.com/Microsoft/tslib.git | https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz | |
| https://github.com/Robot-Inventor/twi-ext.git | https://registry.npmjs.org/twi-ext/-/twi-ext-1.1.1.tgz | |
| https://github.com/mozilla/webextension-polyfill.git | https://registry.npmjs.org/webextension-polyfill/-/webextension-polyfill-0.12.0.tgz | |
| http://mozilla.org/MPL/2.0/. | https://stackoverflow.com/questions/9769587/set-div-to-have-its-siblings-width/48226415#48226415 | |
| https://github.com/Robot-Inventor/shadowban-scanner/releases/tag/v | https://github.com/twitter/twemoji/blob/master/LICENSE-GRAPHICS | |
| https://github.com/twitter/twemoji | https://github.com/ | |
| https://roboin.io/article/2026/04/17/shadowban-scanner-v4-1-0 | https://roboin.io/article/en/2026/04/17/shadowban-scanner-v4-1-0/ | |
| https://x.com/intent/tweet?text= | https://x.com | |
| https://shadowban-scanner.roboin.io/en/ | https://shadowban-scanner.roboin.io/ja/ | |
| https://x.com/ | https://x.com/i/status/ | |
| https://help.twitter.com/rules-and-policies/notices-on-twitter | https://roboin.io/article/2023/09/30/detect-twitter-shadowban/en/#usage | |
| https://roboin.io/article/2023/09/30/detect-twitter-shadowban/#%E4%BD%BF%E3%81%84%E6%96%B9 | https://help.twitter.com/rules-and-policies/post-withheld-by-country | |
| https://github.com/Robot-Inventor/shadowban-scanner/blob/main/doc/en/about-shadowban.md | https://github.com/Robot-Inventor/shadowban-scanner/ | |
| https://github.com/Robot-Inventor/shadowban-scanner/blob/main/doc/en/how-to-support.md | https://github.com/Robot-Inventor/shadowban-scanner/blob/main/doc/ja/about-shadowban.md | |
| https://github.com/Robot-Inventor/shadowban-scanner/blob/main/doc/ja/how-to-support.md |
Raw Manifest
{ "name": "Shadowban Scanner for Twitter / X", "icons": { "16": "image/icon16.png", "48": "image/icon48.png", "128": "image/icon128.png" }, "action": { "default_icon": { "16": "image/icon16.png", "48": "image/icon48.png", "128": "image/icon128.png" }, "default_popup": "html/browserAction.html", "default_title": "Shadowban Scanner" }, "version": "4.1.0", "background": { "service_worker": "js/background.js" }, "short_name": "Shadowban Scanner", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_manifest_description__", "permissions": [ "storage" ], "default_locale": "en", "content_scripts": [ { "js": [ "js/contentScript.js" ], "css": [ "css/style.css" ], "matches": [ "https://*.twitter.com/*", "https://*.x.com/*" ] } ], "host_permissions": [ "https://*.twitter.com/*", "https://*.x.com/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "https://*.twitter.com/*", "https://*.x.com/*" ], "resources": [ "js/pageScript.js", "image/*" ] } ], "browser_specific_settings": { "gecko": { "id": "{8fee6fa8-6d95-4b9e-9c51-324c207fabff}" }, "gecko_android": {} } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.