CRXaminer

XML Sitemap

Version 1.0

Last scanned: about 5 hours ago

Extension Details

Developer: https://xmlsitemaps.app/
Rating: 4.9 ★ (19 ratings)
Users: 1,000

Context-Aware Verdict

Overall Risk: HIGH
Trust Factors:

The extension has a decent rating of 4.9 stars from 19 reviews and 1,000 users, suggesting basic functionality works as expected. The developer website (xmlsitemaps.app) appears to be related to sitemap services, which aligns with the extension's purpose. However, the limited user base and review count make it difficult to establish strong trust indicators.

Concerns:

The primary concern is the excessive permissions for what should be a simple XML sitemap viewer. The <all_urls> host permission is unnecessarily broad - a legitimate sitemap extension should only need access to specific sitemap files or directories, not every website you visit. This creates potential for data harvesting, tracking browsing behavior, or accessing sensitive information across all websites. The combination of activeTab and broad host permissions means the extension can access content on any site when activated.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities. Before using, verify that the extension actually provides valuable sitemap functionality that justifies the broad permissions. Look for alternative sitemap extensions with more restrictive permissions. If you must use this extension, disable it when not actively needed and avoid using it on sensitive websites like banking or personal accounts. Monitor your browsing for any unusual behavior or performance issues.

Findings

HIGH: Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM: Medium-Risk Permission: activeTab
This extension has the activeTab permission. It can access the active tab when the user clicks the extension icon.