AuthGenie - Autologin in one click

Version 1.1 View in Chrome Web Store

Last scanned: 3 months ago | force re-scan

Extension Details

Rating: 5.0 ★ (1 rating)

Users: 20

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited trust indicators with only 20 users and a single 5-star rating, which is insufficient to establish credibility. The lack of developer information, company details, and recent update history raises significant transparency concerns. The extension's purpose of providing "autologin in one click" functionality is inherently sensitive as it involves handling authentication credentials.

Concerns:

- Extremely low user base (20 users) provides no meaningful validation of safety or reliability

- Single rating appears potentially fabricated given the minimal user adoption

- Complete absence of developer identification or company information creates accountability issues

- Autologin functionality inherently requires handling sensitive login credentials, creating potential security vulnerabilities

- Content script injection specifically targets Zerodha Kite (a financial trading platform), amplifying risk due to the sensitive nature of financial data

- No transparency about data handling practices or security measures

- Limited version history (v1.1) suggests minimal testing and refinement

Recommendations:

Given the high-risk nature of credential handling combined with poor trust indicators, avoid installing this extension. If autologin functionality is essential, consider established alternatives with substantial user bases and verified developers. For financial platforms like Zerodha, use official authentication methods or well-established password managers from reputable companies. If you must test this extension, run it in a completely isolated Chrome profile with no access to important accounts.

Findings

Raw Manifest

{
  "name": "AuthGenie - Autologin in one click",
  "icons": {
    "128": "icon-128.png"
  },
  "action": {
    "default_icon": {
      "128": "icon-128.png"
    },
    "default_popup": "popup.html"
  },
  "version": "1.1",
  "background": {
    "service_worker": "background.bundle.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "One Click Auto login into your Zerodha account in seconds. No hassle!",
  "permissions": [],
  "content_scripts": [
    {
      "js": [
        "zerodha.bundle.js"
      ],
      "run_at": "document_start",
      "matches": [
        "https://kite.zerodha.com/*"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

http://www.w3.org/2000/svg	http://www.w3.org/1999/xlink
https://clients2.google.com/service/update2/crx	https://kite.zerodha.com/
https://reactjs.org/docs/error-decoder.html?invariant=	http://www.w3.org/XML/1998/namespace
http://www.w3.org/1998/Math/MathML	http://www.w3.org/1999/xhtml
https://reactjs.org	https://mui.com/production-error/?code=
https://bit.ly/AUTHgenie	https://kite.zerodha.com
http://authgenie-api.netlify.app/.netlify/functions/api/subscribe	https://amazealgos.koyeb.app/totp

AuthGenie - Autologin in one click

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Embedded URLs (14 total):

Raw Manifest

Detections

Manifest Findings