Extension Details
Rating:
5.0 ★
Users:
177
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: This extension raises significant trust concerns. With only 177 users and a perfect 5.0 rating but no visible review count, the rating appears potentially artificial. The lack of developer information, company details, and last updated date creates transparency issues. The extension targets major enterprise platforms (Workday, NetSuite, SAP SuccessFactors) which handle sensitive business data, making the trust deficit particularly concerning.
Concerns:
- Excessive host permissions spanning multiple major enterprise platforms beyond what a typical business tool would require
- Cookie access permission combined with broad host access creates potential for credential theft and session hijacking
- Content scripts injected into sensitive business applications could intercept confidential data
- DeclarativeNetRequest permission allows network traffic modification
- Missing developer transparency and verification
- Low user adoption despite targeting enterprise users suggests limited legitimate use
- Perfect rating with minimal users indicates potential manipulation
Recommendations:
Given the high risk level, avoid installing this extension on your primary browser profile. If business requirements necessitate its use, create a dedicated Chrome profile isolated from personal browsing and other sensitive accounts. Verify the extension's legitimacy through your IT department before installation. Consider alternative, well-established extensions from verified developers for similar functionality. Monitor network activity and review browser cookies regularly if you must use this extension.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- alarms
- cookies
- storage
- declarativeNetRequest
Host Permissions:
- http://*.databycloud.com/*
- https://*.databycloud.com/*
- http://*.workday.com/*
- https://*.workday.com/*
- http://*.workdaysuv.com/*
- https://*.workdaysuv.com/*
- http://*.myworkday.com/*
- https://*.myworkday.com/*
- http://*.netsuite.com/*
- https://*.netsuite.com/*
- http://*.successfactors.com/*
- https://*.successfactors.com/*
- http://*.cloud.sap/*
- https://*.cloud.sap/*
Embedded URLs (8 total):
| https://tool.databycloud.com | https://admin_new.databycloud.com | |
| https://api.databycloud.com | https://clients2.google.com/service/update2/crx | |
| https://admin_new.databycloud.com/ | https://tool.databycloud.com/ | |
| https://jquery.com/ | https://jquery.org/license |
Raw Manifest
{ "name": "DataByCloud", "icons": { "16": "images/logo_16.png", "32": "images/logo_32.png", "48": "images/logo_48.png", "128": "images/logo_128.png" }, "version": "1.0", "background": { "type": "module", "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Shared access provided by databycloud", "permissions": [ "alarms", "cookies", "storage", "declarativeNetRequest" ], "content_scripts": [ { "js": [ "page-helpers/admin-web.js" ], "run_at": "document_idle", "matches": [ "https://admin_new.databycloud.com/*" ] }, { "js": [ "page-helpers/user-web.js" ], "run_at": "document_idle", "matches": [ "https://tool.databycloud.com/*" ] }, { "js": [ "page-helpers/dom-fixer.js", "page-helpers/dom.js" ], "run_at": "document_idle", "matches": [ "http://*.workday.com/*", "https://*.workday.com/*", "http://*.workdaysuv.com/*", "https://*.workdaysuv.com/*", "http://*.myworkday.com/*", "https://*.myworkday.com/*", "http://*.netsuite.com/*", "https://*.netsuite.com/*", "http://*.successfactors.com/*", "https://*.successfactors.com/*", "http://*.cloud.sap/*", "https://*.cloud.sap/*" ] } ], "host_permissions": [ "http://*.databycloud.com/*", "https://*.databycloud.com/*", "http://*.workday.com/*", "https://*.workday.com/*", "http://*.workdaysuv.com/*", "https://*.workdaysuv.com/*", "http://*.myworkday.com/*", "https://*.myworkday.com/*", "http://*.netsuite.com/*", "https://*.netsuite.com/*", "http://*.successfactors.com/*", "https://*.successfactors.com/*", "http://*.cloud.sap/*", "https://*.cloud.sap/*" ], "manifest_version": 3, "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "path": "rules.json", "enabled": true } ] } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -