[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

CPI Where Used rmbc

Version 1.0.1 View in Chrome Web Store

Last scanned: about 10 hours ago

Extension Details

Rating: 0.0 ★

Users: 40

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited trust indicators with only 40 users, no rating or reviews, and missing critical metadata like author information and last update date. The lack of developer transparency and minimal adoption suggests this is either a very new or potentially abandoned extension. The generic name "CPI Where Used rmbc" provides little clarity about its actual purpose or functionality.

Concerns:

- The tabs permission allows extensive browser manipulation capabilities that seem excessive for most legitimate use cases

- Host permissions are restricted to hana.ondemand.com (SAP's cloud platform), which is more targeted than truly broad permissions, but still grants significant access to that domain

- Complete absence of developer information raises accountability concerns

- No description provided makes it impossible to assess if permissions align with stated functionality

- Very low user adoption combined with missing metadata suggests potential abandonment or testing phase

Recommendations:

Given the high-risk permissions and lack of transparency, avoid installing this extension unless you specifically need SAP HANA cloud functionality and can verify the developer's legitimacy. If you must use it, run it in a separate Chrome profile to isolate potential security risks. Consider seeking alternative extensions with better documentation and developer transparency for similar functionality. Monitor the extension closely for any suspicious behavior if installed.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

Raw Manifest

{
  "name": "CPI Where Used rmbc",
  "action": {
    "default_title": "CPI Where Used rmbc"
  },
  "version": "1.0.1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Search selected text across SAP CPI iFlow definitions from a right-click menu.",
  "permissions": [
    "contextMenus",
    "tabs"
  ],
  "host_permissions": [
    "*://*.hana.ondemand.com/*"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "result.html",
        "result.js",
        "result.css"
      ]
    }
  ]
}

by ✦ Astarte

CPI Where Used rmbc

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (3 total):

Raw Manifest

Detections

Manifest Findings

https://tenant.hana.ondemand.com	https://tenant.hana.ondemand.com/itspaces.
https://clients2.google.com/service/update2/crx