[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Skillwise.ai Proctoring

Version 1.1.20 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 3.0 ★ (6 ratings)

Users: 10,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has concerning trust indicators with only 10,000 users and a low 3.0 rating from just 6 reviews, suggesting limited adoption and user satisfaction. The proctoring nature of the extension legitimately requires extensive permissions for monitoring purposes, but the lack of clear developer information and company reputation details raises transparency concerns.

Concerns:

The extension's broad host permissions and content script injection capabilities across all websites create significant security risks beyond typical proctoring needs. The unsafe WebAssembly execution policy is particularly concerning as it could hide malicious code. The combination of tabs permission with system-level access to storage and display information provides extensive monitoring capabilities that could be misused for unauthorized surveillance or data collection. The low user rating despite the specialized nature suggests potential functionality or privacy issues.

Recommendations:

Given the critical risk level, run this extension in a completely isolated Chrome profile dedicated solely to proctored activities. Only install and activate it when required for specific proctoring sessions, then disable or remove it immediately afterward. Verify the extension is officially required by your institution and downloaded from legitimate sources. Monitor system performance during use for unusual activity. Consider using a separate device entirely for proctored exams if possible. Review your institution's privacy policies regarding proctoring software to understand data collection practices.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
scripting
tabs
activeTab
system.storage
system.display

Host Permissions:

http://*/
https://*/*
<all_urls>

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'

Embedded URLs (163 total):

https://prod-jain-skillwise-homepage-wucu42ieaq-el.a.run.app/jgiproctoring	https://www.lipsum.com
https://test.trial.guru	https://demoexams.jgianveshana.com
https://jainexams.jgianveshana.com	https://jgianveshana.com
https://exams.onlineaju.ac.in	http://exams.onlineaju.ac.in
https://aju.jgianveshana.com	https://cdn.jsdelivr.net/gh/vladmandic/human-models/models/
https://dev-skillwise-chrome-extension-backend-edirdbg6ca-el.a.run.app/api/v1	https://dev-skillwise-chrome-extension-backend-temp-edirdbg6ca-el.a.run.app/api/v1
https://prod-skillwise-chrome-extension-backend-wucu42ieaq-el.a.run.app/api/v1	http://www.apache.org/licenses/LICENSE-2.0
https://storage.googleapis.com/tfjs-models/savedmodel/	https://github.com/tensorflow/tfjs-node
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/crop_and_resize_op.cc	https://github.com/tensorflow/tensorflow/blob/d9a3a849edc198e90172bc58eb293de457f9d986/tensorflow/core/kernels/dilation_ops.cc
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc	https://github.com/tensorflow/tensorflow/blob/3039375c86a5bbc9610c7725dcaa95d635f87ba2/tensorflow/core/kernels/resize_bilinear_op.cc#L275
https://goo.gl/vkcvwX	https://math.byu.edu/~schow/work/IEEEFloatingPoint.htm
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/strided_slice_op.cc	https://en.wikipedia.org/wiki/Floyd%E2%80%93Rivest_algorithm
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.h	https://github.com/tensorflow/tfjs/issues/872
https://github.com/tensorflow/tfjs/issues/821	https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/crop_and_resize_op_gpu.cu.cc
https://github.com/tensorflow/tfjs/issues/6775.	https://en.wikipedia.org/wiki/IEEE_754-1985#Representation_of_non-numbers
https://github.com/tensorflow/tfjs/issues/1145	https://jsperf.com/string-concatenation/14.
https://github.com/tensorflow/tfjs/issues/5447	https://github.com/tensorflow/tfjs-core/pull/1379
https://github.com/tensorflow/tfjs/blob/b53bd47e880367ae57493f0ea628abaf08db2d5d/tfjs-core/src/ops/fused/conv2d.ts#L181-L196	https://developer.nvidia.com/gpugems/gpugems3/part-vi-gpu-computing/chapter-39-parallel-prefix-sum-scan-cuda
https://github.com/tensorflow/tfjs/issues/1293	https://arxiv.org/abs/1706.02515
https://anilshanbhag.in/static/papers/gputopk_sigmod18.pdf	https://github.com/tensorflow/tensorflow/..
https://github.com/tensorflow/tfjs/issues/1735	https://www.shadertoy.com/view/4djSRW
https://en.wikipedia.org/wiki/Half-precision_floating-point_format	https://www.tensorflow.org/guide/saved_model
https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage	https://storage.googleapis.com/tfjs-models/savedmodel/mobilenet_v2_1.0_224/model.json
https://tfhub.dev/google/imagenet/mobilenet_v2_140_224/classification/2	https://github.com/tensorflow/tfjs/issues
https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API	http://tfhub.dev/model/1/tensorflowjs_model.pb?tfjs-format=file
http://tfhub.dev/model/1/	https://js.tensorflow.org/tutorials/import-keras.html
https://gist.github.com/dsmilkov/1b6046fd6132d7408d5257b0976f7864	https://github.com/pallets/flask
https://keras.io/models/model/	https://developer.mozilla.org/en-US/docs/Web/API/Request/Request
https://developer.mozilla.org/en-US/docs/Web/API/IDBObjectStore/getAll	http://www.fox-toolkit.org/ftp/fasthalffloatconversion.pdf
https://www.tensorflow.org/api_docs/python/tf/batch_to_space_nd	https://www.tensorflow.org/api_docs/python/tf/nn/convolution
http://arxiv.org/abs/1502.03167	https://github.com/tensorflow/tfjs/issues/5482
https://bugzilla.mozilla.org/show_bug.cgi?id=1335594	https://www.tensorflow.org/api_docs/python/tf/nn/atrous_conv2d
https://www.tensorflow.org/api_docs/python/tf/nn/depthwise_conv2d	https://en.wikipedia.org/wiki/Einstein_notation
https://numpy.org/doc/stable/reference/generated/numpy.einsum.html	https://github.com/tensorflow/tfjs/blob/b53bd47e880367ae57493f0ea628abaf08db2d5d/tfjs-core/src/ops/fused/fused_conv2d_test.ts#L1972.
https://arxiv.org/abs/1704.04503	https://www.apache.org/licenses/LICENSE-2.0
https://en.wikipedia.org/wiki/Luma_%28video%29	http://web.stanford.edu/~awni/papers/relu_hybrid_icml2013_final.pdf
http://www.cs.cornell.edu/~bindel/class/cs6210-f09/lec18.pdf	http://cs231n.github.io/linear-classify/#softmax
https://blog.feedly.com/tricks-of-the-trade-logsumexp/	https://arxiv.org/abs/1412.6980
https://www.tensorflow.org/api_guides/python/nn#Convolution	https://github.com/tensorflow/tensorflow/blob/50f6bb67dc98c9b74630b6047aae7a4f8a40fd02/tensorflow/python/ops/nn_ops.py#L1037
https://github.com/tensorflow/tensorflow/blob/50f6bb67dc98c9b74630b6047aae7a4f8a40fd02/tensorflow/python/ops/array_ops.py#L2184	https://github.com/tensorflow/tensorflow/blob/50f6bb67dc98c9b74630b6047aae7a4f8a40fd02/tensorflow/python/ops/nn_ops.py#L524

Page 1 of 3

Raw Manifest

{
  "name": "Skillwise.ai Proctoring",
  "icons": {
    "16": "assets/icons/icon-16.png",
    "32": "assets/icons/icon-32.png",
    "48": "assets/icons/icon-48.png",
    "128": "assets/icons/icon-128.png"
  },
  "action": {
    "default_icon": {
      "16": "assets/icons/icon-16.png",
      "32": "assets/icons/icon-32.png",
      "48": "assets/icons/icon-48.png",
      "128": "assets/icons/icon-128.png"
    },
    "default_popup": "popup.html",
    "default_title": "Skillwise.ai Proctoring"
  },
  "version": "1.1.20",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Enhance online exams with AI based proctoring and monitoring",
  "permissions": [
    "storage",
    "scripting",
    "tabs",
    "activeTab",
    "system.storage",
    "system.display"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "./contentScript.js"
      ],
      "matches": [
        "https://*/jgiproctoring"
      ]
    },
    {
      "js": [
        "./listener.js"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "http://*/",
    "https://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "css/content.css",
        "html/camera.html",
        "html/sources.html",
        "js/sources.js",
        "js/content.js"
      ]
    }
  ]
}

by ✦ Astarte

Skillwise.ai Proctoring

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (163 total):

Raw Manifest

Detections

Manifest Findings