Extension Details
Context-Aware Verdict
This extension presents significant trust concerns. With only 339 users and a 0.0 rating with no reviews, it lacks community validation. The absence of author and developer information raises red flags about accountability and transparency. The name "Robility Automation" suggests legitimate automation functionality, but the lack of detailed description makes it difficult to verify the extension's actual purpose.
The extension requests extremely powerful and dangerous permissions that far exceed what most automation tools require. The debugger permission is particularly concerning as it allows manipulation of other extensions and applications. Combined with broad host permissions covering all websites, this creates a perfect storm for malicious activity. The nativeMessaging permission enables communication with local applications, potentially allowing system-level access. The scripting permission across all HTTP/HTTPS sites means it can inject code anywhere on the web.
Do not install this extension. The combination of excessive permissions, lack of transparency, minimal user base, and zero ratings creates an unacceptable security risk. If automation functionality is needed, seek well-established alternatives with proper documentation, active user communities, and transparent developers. If you must test this extension for legitimate purposes, use a completely isolated Chrome profile with no access to sensitive accounts or data, and monitor system activity closely.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- tabs
- scripting
- nativeMessaging
- debugger
Host Permissions:
- <all_urls>
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (3 total):
| http://www.w3.org/2000/svg | https://clients2.google.com/service/update2/crx | |
| https://popper.js.org |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeiOMnLGfERh3apTZ3kzlpamogDRbMbKcPl/qDphiw1NQLBSdP9sDapr6vzVShEpIn4gJSMa6fHdIszr76OpD6U6tfFodXsQ4YkCD/ndTL9brpGM5sMpxK4+AD5DxEf3DrX6cq8zHYUhwT5Cdlt+82C/zWIk6Q+xLoYG7cDUTmfWHs6RCBOX0izjywskMbJ76WyD7Fwz1UMrWbF8Su2XRMsuvsLmp570lLjkYZZishAHukO0sIlk6iv3sWNftRywgGHWkLZhCDsGVCf2G9P9ysFwvU8pT9O45DKeb7XtQOMDUX/fRAVoS3EwVdGCCGvHA3rLsBDT8GCEPR/HQVY0MwIDAQAB", "name": "Robility Automation", "icons": { "16": "images/Sutherland16.png", "32": "images/Sutherland32.png", "48": "images/Sutherland48.png", "128": "images/Sutherland128.png" }, "version": "3.6", "background": { "service_worker": "scripts/eventPage.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Locate and save web elements and get their xpath/cssSelector code", "permissions": [ "activeTab", "tabs", "scripting", "nativeMessaging", "debugger" ], "content_scripts": [ { "js": [ "scripts/general.js", "scripts/contentScript.js", "runtimeScript.js" ], "run_at": "document_start", "matches": [ "http://*/*", "https://*/*" ], "all_frames": true } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "css/general.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.