Extension Details
Context-Aware Verdict
The extension has a modest user base of 8,000 users but concerning trust indicators. The 3.2-star rating from only 33 reviews suggests limited user satisfaction or engagement. The lack of developer information and company details raises transparency concerns, making it difficult to assess the publisher's credibility and accountability.
The extension's permissions are excessive for what appears to be a LinkedIn-focused tool. The tabs permission combined with broad host permissions creates significant privacy risks, allowing comprehensive browsing surveillance. The specific targeting of LinkedIn suggests this could be a data harvesting tool for professional information. The access to an external API (api.salesabc.co) indicates data is being transmitted to third-party servers, raising questions about data handling and storage practices. The offscreen permission adds another layer of background activity that users cannot easily monitor.
Given the high risk level, install this extension only in a separate Chrome profile to isolate potential security threats. Before installation, research the developer and the salesabc.co domain to understand what company is behind this tool. Monitor your LinkedIn account for any unusual activity after installation. Consider whether the extension's functionality justifies the extensive permissions it requests. If you must use it, regularly review what data it might be accessing and consider uninstalling it when not actively needed.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
- alarms
- offscreen
Host Permissions:
- *://*.linkedin.com/*
- https://api.salesabc.co/*
Embedded URLs (17 total):
| https://jquery.com/ | https://jquery.org/license | |
| http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css | https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css | |
| https://clients2.google.com/service/update2/crx | https://api.salesabc.co/ | |
| https://api.salesabc.co/boolean/ | https://api.salesabc.co/emailout/getTask | |
| http://52.14.133.185:3333 | https://www.linkedin.com/feed | |
| https://www.linkedin.com/recruiter | https://www.linkedin.com/voyager/api/identity/profiles/ | |
| https://api.salesabc.co/v2/sendProfileList | https://www.linkedin.com/voyager/api/relationships/connections?count=2000&start= | |
| https://api.salesabc.co/v2/saveProfileList | https://api.salesabc.co/emailout/ | |
| https://www.linkedin.com |
Raw Manifest
{ "name": "BooleanAssistant", "icons": { "16": "icon-2.png", "48": "icon-2.png", "128": "icon-2.png" }, "action": { "default_icon": { "19": "icon-2.png", "38": "icon-2.png" }, "default_popup": "popup.html", "default_title": "BooleanAssistant" }, "version": "1.5.10", "background": { "type": "module", "service_worker": "service-worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "BooleanAssistant, your best boolean generator and email hunter", "permissions": [ "tabs", "storage", "alarms", "offscreen" ], "content_scripts": [ { "js": [ "content.js" ], "run_at": "document_end", "matches": [ "*://*.linkedin.com/*" ], "all_frames": true } ], "host_permissions": [ "*://*.linkedin.com/*", "https://api.salesabc.co/*" ], "manifest_version": 3, "minimum_chrome_version": "116" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.