Lead Finder by Emailchaser
Version 1.0.2 View in Chrome Web Store
Last scanned: 1 day ago
| force re-scan
Extension Details
Rating:
4.7 ★
Users:
904
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors: The extension has a relatively small user base of 904 users and a high rating of 4.7, which suggests positive user experiences among early adopters. However, the limited adoption raises questions about widespread validation. The lack of visible developer information reduces transparency and accountability.
Concerns: The webRequest permission is particularly concerning as it allows the extension to intercept and modify all web traffic, which goes beyond what's typically needed for lead generation. The broad host permissions combined with access to LinkedIn's sales API endpoints creates significant privacy risks, as the extension can monitor sensitive business communications and prospect data. The ability to access external IP geolocation services (freeipapi.com) suggests data collection that may extend beyond LinkedIn. The storage permission, while common, allows persistent data retention without clear visibility into what information is being stored locally.
Recommendations: Given the high-risk permissions and limited user base, consider running this extension in a separate Chrome profile dedicated to lead generation activities. Carefully review what data the extension collects and ensure it aligns with your organization's privacy policies. Monitor network activity when the extension is active to understand what data is being transmitted. Consider whether the lead generation benefits justify the broad access permissions, and evaluate alternative tools with more restrictive permissions if available.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 2 high-risk and 2 medium-risk findings.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Access to Sensitive Domains
This extension requests access to sensitive domains: *://www.linkedin.com/sales-api/*, *://www.linkedin.com/sales/*, *://linkedin.com/sales/*. Ensure you trust this extension with access to these sites.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- webRequest
- storage
Host Permissions:
- *://www.linkedin.com/sales-api/*
- *://www.linkedin.com/sales/*
- *://linkedin.com/sales/*
- *://freeipapi.com/api/json
Embedded URLs (16 total):
| https://www.linkedin.com/sales-api/salesApiLeadSearch | https://www.linkedin.com/sales-api/salesApiPeopleSearch | |
| https://www.linkedin.com | https://linkedin.com | |
| https://freeipapi.com/api/json | https://app.emailchaser.com/lead-finder/linkedin-sales-navigator | |
| http://www.w3.org/2000/svg | https://www.linkedin.com/sales/lists/people/ | |
| https://www.linkedin.com/sales/search/people? | https://linkedin.com/sales/lists/people/ | |
| https://linkedin.com/sales/search/people? | https://clients2.google.com/service/update2/crx | |
| https://www.linkedin.com/sales/ | https://linkedin.com/sales/ | |
| https://www.linkedin.com/sales/search/people?viewAllFilters=true | https://app.emailchaser.com/lead-finder |
Raw Manifest
{ "name": "Lead Finder by Emailchaser", "icons": { "16": "icon16.png", "32": "icon32.png", "48": "icon48.png", "128": "icon128.png" }, "action": { "default_icon": { "16": "icon16.png", "32": "icon32.png", "48": "icon48.png", "128": "icon128.png" }, "default_popup": "popup.html", "default_title": "Lead Finder by Emailchaser" }, "version": "1.0.2", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Lead Finder is an extension that allows you to export leads from LinkedIn with their email addresses.", "permissions": [ "webRequest", "storage" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "https://www.linkedin.com/sales/*", "https://linkedin.com/sales/*" ] } ], "host_permissions": [ "*://www.linkedin.com/sales-api/*", "*://www.linkedin.com/sales/*", "*://linkedin.com/sales/*", "*://freeipapi.com/api/json" ], "manifest_version": 3, "externally_connectable": { "matches": [ "*://*.emailchaser.com/*" ] } }
Secure Annex (beta)
Coming soon...