Extension Details
Rating:
4.2 ★
(4 ratings)
Users:
3,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively low number of users (3,000) and ratings (4), which could indicate a lack of widespread trust or adoption.
- The lack of developer information or company reputation makes it difficult to assess the trustworthiness of the extension's source.
Concerns:
- The extension requests broad host permissions (*://*/*) and content script injection (*://*/*), allowing it to access and modify any website. These permissions are overly broad and potentially risky, as they could enable the extension to steal sensitive data or track browsing activity.
- The "storage" permission allows the extension to store data locally, which could be a privacy concern if sensitive information is stored.
- The "activeTab" permission grants access to the active tab, which could be misused to collect browsing data or perform unwanted actions.
Recommendations:
- Exercise caution when installing this extension, as the broad permissions and lack of developer information raise security concerns.
- If you decide to use the extension, consider running it in a separate browser profile or incognito mode to isolate it from your main browsing activity.
- Regularly review the extension's permissions and activity, and remove it if any suspicious behavior is observed.
- Look for alternative extensions from reputable developers that request only the necessary permissions for their stated functionality.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 4 total findings, ranked without considering overall context, including 2 high-risk and 2 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- declarativeNetRequest
- declarativeNetRequestFeedback
- storage
- activeTab
- scripting
Host Permissions:
- *://*/*
Embedded URLs (86 total):
| https://clients2.google.com/service/update2/crx | https://chromewebstore.google.com/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en | |
| https://github.com/ant-design/ant-design/issues/27202 | http://www.w3.org/2000/svg | |
| http://www.w3.org/1999/xlink | https://markjs.io/ | |
| https://git.io/vwTVl | https://sketch.com | |
| https://saleshood.preview.saleshood.com/auth/login?return_url=%2F | http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd | |
| http://ns.adobe.com/Extensibility/1.0/ | http://ns.adobe.com/AdobeIllustrator/10.0/ | |
| http://ns.adobe.com/Graphs/1.0/ | http://ns.adobe.com/Variables/1.0/ | |
| http://ns.adobe.com/ImageReplacement/1.0/ | http://ns.adobe.com/SaveForWeb/1.0/ | |
| http://ns.adobe.com/GenericCustomNamespace/1.0/ | http://ns.adobe.com/XPath/1.0/ | |
| https://fb.me/react-async-component-lifecycle-hooks | https://feross.org/opensource | |
| https://feross.org | https://lodash.com/ | |
| https://openjsf.org/ | https://lodash.com/license | |
| http://underscorejs.org/LICENSE | https://npms.io/search?q=ponyfill. | |
| http://purl.eligrey.com/github/classList.js/blob/master/classList.js | https://github.com/kesla/parse-headers/ | |
| https://github.com/kesla/parse-headers/blob/master/LICENCE | http://example.com | |
| https://example.com | http://www.w3.org/1999/xhtml | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/xmlns/ | |
| http://videojs.com/ | https://www.brightcove.com/ | |
| https://github.com/videojs/video.js/blob/main/LICENSE | https://github.com/mozilla/vtt.js | |
| https://github.com/mozilla/vtt.js/blob/main/LICENSE | https://vjs.zencdn.net/vttjs/0.14.1/vtt.min.js | |
| http://www.bohemiancoding.com/sketch/ns | https://github.com/videojs/video.js/issues/2617 | |
| https://datatracker.ietf.org/doc/html/draft-pantos-hls-rfc8216bis-09#section-4.4.3.7. | https://tools.ietf.org/html/draft-pantos-http-live-streaming-23#section-4.3.3.1 | |
| https://git.io/vMpjB | https://github.com/facebook/regenerator/blob/main/LICENSE | |
| http://momentjs.com/guides/#/warnings/define-locale/ | http://momentjs.com/guides/#/warnings/js-date/ | |
| http://momentjs.com/guides/#/warnings/min-max/ | http://momentjs.com/guides/#/warnings/add-inverted-param/ | |
| http://momentjs.com/guides/#/warnings/zone/ | http://momentjs.com/guides/#/warnings/dst-shifted/ | |
| https://fontawesome.com | https://fontawesome.com/license/free | |
| http://fb.me/use-check-prop-types | https://git.io/JUIaE# | |
| http://www.apache.org/licenses/LICENSE-2.0 | https://github.com/ankeetmaini/react-infinite-scroll-component/issues/59 | |
| https://momentjs.com/timezone/docs/#/use-it/browser/ | http://momentjs.com/timezone/docs/#/data-loading/. | |
| https://github.com/pladaria/reconnecting-websocket | https://img.freepik.com/free-photo/close-up-confident-male-employee-white-collar-shirt-smiling-camera-standing-self-assured-against-studio-background_1258-26761.jpg?t=st=1726529793~exp=1726533393~hmac=6913cffcd0d216024e13dd8d8dd706d26e42dabd9d9a7c91212ffea89da9d939&w=640 | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | https://github.com/remarkjs/react-markdown/blob/main/changelog.md | |
| https://prosemirror.net/docs/guide/#generatable | https://support.saleshood.com/hc/en-us/articles/17478715459351-Custom-AI-Coach-Instructions-Best-Practices-and-Guidelines | |
| https://github.com/date-fns/date-fns/blob/master/docs/upgradeGuide.md#string-arguments | https://github.com/date-fns/date-fns/blob/master/docs/unicodeTokens.md | |
| https://reactjs.org/docs/error-decoder.html?invariant= | https://reactjs.org/link/react-polyfills | |
| http://www.w3.org/1998/Math/MathML | http://jedwatson.github.io/classnames | |
| https://chrome.google.com/webstore/detail/saleshood/ojifjnngghhagndjdfeemiccjppainil?hl=en&gl=BG&authuser=1 | https://autocomplete.clearbit.com/v1/companies/suggest | |
| https://logo.clearbit.com/ | https://cdn.useparagon.com | |
| https://dashboard.useparagon.com | https://connect.useparagon.com | |
| https://passport.useparagon.com | https://zeus.useparagon.com |
Page 1 of 2
Raw Manifest
{ "name": "SalesHood", "icons": { "16": "images/icon-16x16.png", "32": "images/icon-32x32.png", "48": "images/icon-48x48.png", "128": "images/icon-128x128.png" }, "action": { "default_popup": "popup/index.html", "default_title": "Saleshood Extension" }, "version": "1.2.5", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "options_ui": { "page": "options/index.html", "open_in_tab": true }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Enhance your SalesHood experience by improving integrations with other systems.", "permissions": [ "declarativeNetRequest", "declarativeNetRequestFeedback", "storage", "activeTab", "scripting" ], "content_scripts": [ { "js": [ "assets/share-content-modal-script.js-loader-c398fdd7.js" ], "matches": [ "*://*/*" ] }, { "js": [ "assets/webapp-content-script.js-loader-cbba822e.js" ], "run_at": "document_end", "matches": [ "*://*.saleshood.com/*", "*://*.skillshood.com/*", "*://saleshood.lvh.me/*" ] } ], "host_permissions": [ "*://*/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "*://*.saleshood.com/*", "*://*.skillshood.com/*", "*://saleshood.lvh.me/*" ] }, "web_accessible_resources": [ { "matches": [ "*://*/*" ], "resources": [ "share-content-modal-dist/assets/*", "share-content-modal/VideoJSFont.css", "csp/trusted-security-policies.js", "content-scripts/add_gmail_button_script.js", "content-scripts/store_original_html_element.js", "assets/auth-c13ebfc8.js", "assets/_commonjsHelpers-de833af9.js", "assets/share-content-modal-script.js-238edb88.js" ], "use_dynamic_url": false }, { "matches": [ "*://*.saleshood.com/*", "*://*.skillshood.com/*", "*://saleshood.lvh.me/*" ], "resources": [ "assets/webapp-content-script.js-f4a5b0a1.js" ], "use_dynamic_url": false } ] }
Secure Annex (beta)
Coming soon...