Extension Details
Context-Aware Verdict
The extension has a very small user base of only 751 users and a below-average rating of 3.1 out of 5 stars from just 7 reviews, indicating limited adoption and mixed user satisfaction. The developer domain "tentatively.xyz" appears to be a newer or less established entity, which reduces trust indicators. The extension name "Tentatively" and minimal description provide little clarity about its actual functionality.
The primary concern is the identity permission, which grants access to user identity information including Google account details. This is particularly concerning given that the extension only operates on Google Calendar pages but requires such broad identity access. The combination of limited user base, poor ratings, and high-risk permissions creates a potentially problematic security profile. The lack of transparency in the extension's description makes it difficult to assess whether the identity permission is truly necessary for its stated functionality.
Consider running this extension in a separate Chrome profile to isolate potential security risks. Before installation, research the developer further and look for more detailed documentation about what the extension actually does. Given the low user adoption and mixed reviews, you might want to seek alternative extensions with better security profiles and clearer functionality descriptions. If you do install it, monitor your Google account activity closely for any unusual access patterns.
Findings
Security Analysis Details
Required Permissions:
- identity
Embedded URLs (6 total):
| https://www.googleapis.com/calendar/v3/calendars/ | https://www.googleapis.com/calendar/v3/users/me/calendarList?minAccessRole=writer | |
| https://clients2.google.com/service/update2/crx | https://calendar.google.com/calendar/ | |
| https://www.googleapis.com/auth/calendar.readonly | https://www.googleapis.com/auth/calendar.events |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLD5iXDDRltT1iRuXaiijDTef4Wss4B8lP29xeXOzZrd7XujP6oCp/N2PsdUH0LqbLmHwxogqRvczcBaBB6jgzNkBBTYTsgSVuL31W/gR4jTnpE/PkidkoX8jfq78UZed5OvwGD3+wmKbI5vqeHUzpQQuT7VixMqV1BAoSoxpDFlAMvwiP3Uyocp5+g0FQyye8HbgDwEtCmQFKk4CNo4SPbvCorMOS/gFkwshG5UgOBQVgyANbIP9lCv+zUVMyzOqqz3C7vjMtjwTiihhkxUoj1f/OdVWkUeJCSDcBYHyW8JMPbBlVrpLU9pUt9xxOI1A56jL0MH5UYQlNTxSrlDpQIDAQAB", "name": "Tentatively", "icons": { "16": "icon16.png", "48": "icon48.png", "128": "icon128.png" }, "action": { "default_icon": { "16": "icon16_gray.png", "48": "icon48_gray.png", "128": "icon128_gray.png" }, "default_title": "Tentatively\nDisabled for this site" }, "author": "Jason Geffner", "oauth2": { "scopes": [ "https://www.googleapis.com/auth/calendar.readonly", "https://www.googleapis.com/auth/calendar.events" ], "client_id": "1023394886692-4bm5tohrq1tbi3iis42v1fbvo6mrclgn.apps.googleusercontent.com" }, "version": "0.3", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Sets Google Calendar events to tentative.", "permissions": [ "identity" ], "content_scripts": [ { "js": [ "tentative.js" ], "css": [ "style.css" ], "matches": [ "https://calendar.google.com/calendar/*" ] } ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.