[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Tentatively

Version 0.3 View in Chrome Web Store

Last scanned: about 9 hours ago

Extension Details

Developer: tentatively.xyz

Rating: 3.1 ★ (7 ratings)

Users: 739

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors: The extension has a very small user base of only 739 users and a concerning low rating of 3.1 out of 5 stars from just 7 reviews, which suggests user dissatisfaction or potential issues. The developer domain "tentatively.xyz" appears to be a newer or less established entity without clear company information, reducing trustworthiness. The extension name "Tentatively" with no clear description makes it difficult to assess its legitimate purpose.

Concerns: The identity permission is particularly concerning given the vague nature of this extension. This permission allows access to your Google account identity information, which could include email addresses, profile data, and authentication tokens. The content script injection into Google Calendar suggests calendar-related functionality, but without a clear description, it's unclear why identity access would be necessary for basic calendar operations. The low version number (0.3) indicates this is still in early development stages, potentially making it less stable or secure.

Recommendations: Given the unclear purpose, low user satisfaction, and powerful identity permission, consider running this extension in a separate Chrome profile if you must use it. Better yet, look for well-established alternatives with clear functionality descriptions and better user ratings. If you proceed, carefully monitor what data the extension accesses and consider removing it if you notice any suspicious behavior or unauthorized account activity.

Findings

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLD5iXDDRltT1iRuXaiijDTef4Wss4B8lP29xeXOzZrd7XujP6oCp/N2PsdUH0LqbLmHwxogqRvczcBaBB6jgzNkBBTYTsgSVuL31W/gR4jTnpE/PkidkoX8jfq78UZed5OvwGD3+wmKbI5vqeHUzpQQuT7VixMqV1BAoSoxpDFlAMvwiP3Uyocp5+g0FQyye8HbgDwEtCmQFKk4CNo4SPbvCorMOS/gFkwshG5UgOBQVgyANbIP9lCv+zUVMyzOqqz3C7vjMtjwTiihhkxUoj1f/OdVWkUeJCSDcBYHyW8JMPbBlVrpLU9pUt9xxOI1A56jL0MH5UYQlNTxSrlDpQIDAQAB",
  "name": "Tentatively",
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "action": {
    "default_icon": {
      "16": "icon16_gray.png",
      "48": "icon48_gray.png",
      "128": "icon128_gray.png"
    },
    "default_title": "Tentatively\nDisabled for this site"
  },
  "author": "Jason Geffner",
  "oauth2": {
    "scopes": [
      "https://www.googleapis.com/auth/calendar.readonly",
      "https://www.googleapis.com/auth/calendar.events"
    ],
    "client_id": "1023394886692-4bm5tohrq1tbi3iis42v1fbvo6mrclgn.apps.googleusercontent.com"
  },
  "version": "0.3",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Sets Google Calendar events to tentative.",
  "permissions": [
    "identity"
  ],
  "content_scripts": [
    {
      "js": [
        "tentative.js"
      ],
      "css": [
        "style.css"
      ],
      "matches": [
        "https://calendar.google.com/calendar/*"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

Tentatively

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (6 total):

Raw Manifest

Detections

Manifest Findings

https://www.googleapis.com/calendar/v3/calendars/	https://www.googleapis.com/calendar/v3/users/me/calendarList?minAccessRole=writer
https://clients2.google.com/service/update2/crx	https://calendar.google.com/calendar/
https://www.googleapis.com/auth/calendar.readonly	https://www.googleapis.com/auth/calendar.events