Extension Details
Context-Aware Verdict
The extension has extremely low adoption with only 13 users, which is concerning for legitimacy. The lack of rating information and missing last updated date suggests poor maintenance or potential abandonment. The developer is identified only by a domain name (socialpostbuddy.com) without additional verification details, which provides limited accountability. The extension's purpose is unclear from the minimal description provided.
Given the high-risk tabs permission combined with extremely low adoption and poor transparency, avoid installing this extension entirely. If you must test it for research purposes, use a completely separate Chrome profile with no sensitive data or important accounts logged in. Consider looking for well-established alternatives with clear functionality descriptions, higher user bases, and recent updates to Manifest V3.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
Content Security Policy:
- script-src 'self' https://ajax.googleapis.com https://kit.fontawesome.com; object-src 'self'
Embedded URLs (25 total):
| http://getbootstrap.com | https://github.com/twbs/bootstrap/blob/master/LICENSE | |
| https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css | https://sweetalert.js.org | |
| https://clients2.google.com/service/update2/crx | https://ajax.googleapis.com | |
| https://kit.fontawesome.com | https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css | |
| https://maxcdn.bootstrapcdn.com/font-awesome/4.6.2/css/font-awesome.min.css | https://kit.fontawesome.com/57a6440c7f.js | |
| https://socialpostbuddy.com/api/user/ | https://stackoverflow.com/a/9229932/1620946 | |
| https://www.socialpostbuddy.com | https://www.facebook.com/socialpostbuddy | |
| https://m.me/socialpostbuddy | https://socialpostbuddy.com/wp-login.php?action=lostpassword | |
| https://socialpostbuddy.com/wp-login.php?action=register | https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | |
| http://developer.chrome.com/extensions/examples/api/bookmarks/basic.zip | https://developers.google.com/open-source/licenses/bsd | |
| https://developer.chrome.com/extensions/bookmarks#method-create | https://developer.chrome.com/extensions/bookmarks#method-getTree | |
| https://developer.chrome.com/extensions/bookmarks#method-remove | https://developer.chrome.com/extensions/bookmarks#method-update | |
| https://developer.chrome.com/extensions/tabs#method-create |
Raw Manifest
{ "name": "SocialPostBuddy", "icons": { "128": "icon-128x128.png" }, "version": "1.1.1.11", "background": { "scripts": [ "js/background.js" ], "persistent": false }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "SocialPostBuddy", "permissions": [ "tabs", "storage" ], "browser_action": { "default_icon": "iconsds.png", "default_popup": "popup.html", "default_title": "SocialPostBuddy" }, "manifest_version": 2, "content_security_policy": "script-src 'self' https://ajax.googleapis.com https://kit.fontawesome.com; object-src 'self'" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.