[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Tiered Level Notification Companion

Version 1.0.8 View in Chrome Web Store

Last scanned: about 11 hours ago

Extension Details

Rating: 0.0 ★

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has several concerning trust indicators. With 0 downloads, no user ratings, and missing author/developer information, there's no established reputation or user base to validate its legitimacy. The lack of transparency about the developer raises immediate red flags about accountability and trustworthiness.

Concerns:

The extension's permissions are excessive for what appears to be a PowerBI notification tool. While it legitimately needs access to PowerBI domains, the broad host permissions allowing access to all HTTP/HTTPS websites is unnecessary and dangerous. The tabs permission enables monitoring and manipulation of all browser tabs, far beyond what a notification companion should require. The combination of these permissions creates a powerful surveillance and data collection capability that could be exploited maliciously.

The technical profile shows content scripts only targeting PowerBI, which contradicts the overly broad host permissions. This mismatch suggests either poor development practices or intentional overreach.

Recommendations:

Do not install this extension due to the combination of excessive permissions, lack of developer transparency, and zero user validation. If PowerBI notifications are needed, seek established alternatives with proper developer information and user reviews. If you must test this extension, create a completely isolated Chrome profile with no sensitive data or important accounts logged in.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
activeTab
storage
scripting

Host Permissions:

https://*.powerbi.com/*
http://*/*
https://*/*

Embedded URLs (8 total):

https://clients2.google.com/service/update2/crx	https://ff1aac9ce4d64e8a9acefc3a0b0312.14.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/f2ccee44bae744d78a30b23897c61c2a/triggers/manual/paths/invoke?api-version=1&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=PCoFMgbXe9UCpuPns5t5HcJAkzBF0xd88f7ZWzMAS7M
http://www.w3.org/2000/svg	https://ff1aac9ce4d64e8a9acefc3a0b0312.14.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/f2ccee44bae744d78a30b23897c61c2a/triggers/manual/paths/invoke?api-version=1&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=PCoFMgbXe9UCpuPns5t5HcJAkzBF0xd88f7ZWzMAS7M%22%22
https://ff1aac9ce4d64e8a9acefc3a0b0312.14.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/4b5bf4107b3146668578a40a9dd40260/triggers/manual/paths/invoke?api-version=1&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=hlFJK48i45dxfV3x4o_RSn944_QCftbj4oEhzfChKEo	https://ff1aac9ce4d64e8a9acefc3a0b0312.14.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/39dcca9f17734e8d8f3c13039331fc87/triggers/manual/paths/invoke?api-version=1&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=zfvYIOjI7uAj3c3A9mSi-ViCJ1T4Adr_8VqLvH7OjTU
https://ff1aac9ce4d64e8a9acefc3a0b0312.14.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/f9d59cb339f34e50bb7d5521c7f8c76c/triggers/manual/paths/invoke?api-version=1&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=wIoWNrSzHNeYXeNfbfnaADkfAuFoNASNPN4Sd6adPqA	https://pfizer.service-now.com/

Raw Manifest

{
  "name": "Tiered Level Notification Companion",
  "action": {
    "default_popup": "popup.html",
    "default_title": "Tiered Level Notification Companion"
  },
  "version": "1.0.8",
  "background": {
    "service_worker": "service_worker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Capture screenshots, add notes, and send to Power Automate.",
  "permissions": [
    "tabs",
    "activeTab",
    "storage",
    "scripting"
  ],
  "options_page": "options.html",
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "https://*.powerbi.com/*"
      ]
    }
  ],
  "host_permissions": [
    "https://*.powerbi.com/*",
    "http://*/*",
    "https://*/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

Tiered Level Notification Companion

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (8 total):

Raw Manifest

Detections

Manifest Findings