[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Open Graph Checker

Version 0.2 View in Chrome Web Store

Last scanned: about 9 hours ago

Extension Details

Developer: COYWOLF LLC

Rating: 4.5 ★ (13 ratings)

Users: 8,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a reasonable user base of 8,000 downloads and maintains a solid 4.5-star rating, though based on only 13 reviews which is relatively few. COYWOLF LLC appears to be the developer, but without additional company information, it's difficult to assess their reputation and track record in extension development.

Concerns:

The primary security concerns center around the extension's broad permissions relative to its stated purpose. For an Open Graph checker tool, the combination of tabs permission and universal host permissions (https://*//) creates significant privacy and security risks. The tabs permission allows the extension to access information about all browser tabs and potentially manipulate them, while the broad host permissions grant access to virtually every HTTPS website you visit. This level of access far exceeds what would typically be necessary for checking Open Graph metadata on specific pages.

Recommendations:

Given the high-risk permission combination, consider running this extension in a separate Chrome profile dedicated to development or testing activities. Before installation, verify that these broad permissions are truly necessary for the extension's core functionality. Look for alternative Open Graph checking tools that operate with more limited permissions, or consider using web-based Open Graph validators that don't require browser extension installation. If you must use this extension, regularly review your browsing activity and consider disabling it when not actively needed for Open Graph testing.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "Open Graph Checker",
  "icons": {
    "16": "icon-white-16.png",
    "48": "icon-white-48.png",
    "128": "icon-white-128.png"
  },
  "action": {
    "default_icon": "icon-white-48.png",
    "default_popup": "popup.html",
    "default_title": "Open Graph Checker"
  },
  "version": "0.2",
  "background": {
    "service_worker": "service-worker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Check and preview the social sharing details from a page's Open Graph metadata",
  "permissions": [
    "tabs"
  ],
  "host_permissions": [
    "https://*/"
  ],
  "manifest_version": 3,
  "content_security_policy": {},
  "web_accessible_resources": [
    {
      "matches": [],
      "resources": [
        "options.bundle.js",
        "popup.bundle.js"
      ],
      "extension_ids": []
    }
  ]
}

by ✦ Astarte

https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/runtime/onMessage	https://reactjs.org/docs/error-decoder.html?invariant=
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/1999/xhtml	http://www.w3.org/1998/Math/MathML
http://www.w3.org/2000/svg	https://reactjs.org/link/react-polyfills
https://clients2.google.com/service/update2/crx	https://coywolf.pro/social/open-graph-checker/

Open Graph Checker

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (10 total):

Raw Manifest

Detections

Manifest Findings