Extension Details
Context-Aware Verdict
The extension has extremely limited trust indicators with only 22 users and just 2 ratings, suggesting minimal real-world validation. The lack of developer information, company details, and missing description raises significant transparency concerns. The perfect 5.0 rating from only 2 reviews is insufficient to establish credibility.
The extension requests an excessive combination of high-risk permissions that appear disproportionate to any legitimate functionality. The identity and identity.email permissions combined with broad host access create a perfect storm for data harvesting. The ability to inject content scripts across all websites while accessing cookies, tabs, and user identity information suggests potential surveillance capabilities. The broad permissions package resembles malware patterns more than typical productivity extensions.
The minimal user base combined with maximum permissions is a classic red flag indicating either poor development practices or potentially malicious intent. The lack of transparency about the developer and extension purpose makes risk assessment impossible through normal channels.
Do not install this extension under any circumstances. The risk-to-benefit ratio is unacceptable given the unknown functionality and excessive permissions. If you must evaluate similar functionality, seek well-established alternatives from verified developers with transparent privacy policies and substantial user bases. Report this extension to Chrome Web Store for review due to suspicious permission patterns.
Findings
Security Analysis Details
Required Permissions:
- tabs
- cookies
- storage
- scripting
- identity
- identity.email
Host Permissions:
- <all_urls>
Embedded URLs (11 total):
| https://clients2.google.com/service/update2/crx | https://docs.google.com/document/. | |
| http://meyerweb.com/eric/tools/css/reset/ | https://fonts.googleapis.com | |
| https://fonts.gstatic.com | https://fonts.googleapis.com/css2?family=B612+Mono:ital | |
| http://www.w3.org/2000/svg | https://docs.google.com/spreadsheets/ | |
| https://chrome.google.com/webstore | https://chromewebstore.google.com/ | |
| https://microsoftedge.microsoft.com/addons/ |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyNdhGwwTcrbOd/Ts4KxcHIYS4QIDnUClnSxhUw5kIbp9uZ1sHuyyKFzW5EXQaTa3gbxVoRe7xQ8RZ36/EYap0+TO/coQghfQ6/OgKOu13TE+pWnyoffDJSwn16Oz2UzZwnPPub4mgYHxuMKlDltYz02RjD+oGgLeDYnKfzDdtAAdOyKFRERAO8Cx92NqSbQqAI5BRTR8J0lEJ+nn2ZI5f2Zw5o805SGPrKWJv3ejhCD+Ekpkl0pEabLW3vboYaUNhFh2W8EXdttKLhJHbKhD1QLAUrGzEjpnLJM41LsuHO2yEhPcj9Nngy/LNXTt5Y7b0AaPIHh+YbEDUS6HFJSwQIDAQAB", "name": "Olakai", "icons": { "16": "images/icon.png", "32": "images/icon.png", "48": "images/icon.png", "128": "images/icon.png" }, "action": { "default_icon": "images/icon.png", "default_popup": "popup/popup.html" }, "storage": { "managed_schema": "schema.json" }, "version": "2.5.0", "background": { "type": "module", "service_worker": "service_worker/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Enterprise AI Analytics, ROI Measurement, AI Governance", "permissions": [ "tabs", "cookies", "storage", "scripting", "identity", "identity.email" ], "content_scripts": [ { "js": [ "content/content.js", "content/apps/app.js", "content/apps/monitored_app.js", "content/apps/google_doc.js", "content/apps/uno.js", "content/apps/lever.js" ], "matches": [ "<all_urls>" ], "all_frames": false } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.