Teal - Free Job Search & Contacts Tracker
Version 3.9.3 View in Chrome Web Store
Last scanned: about 2 months ago
| force re-scan
Extension Details
Developer:
tealhq.com
Rating:
4.9 ★
(3K ratings)
Size:
1.47MiB
Last Updated:
January 21, 2025
Users:
200,000
Developer Info:
Teal Labs, Inc7800 SW 57th Ave
South Miami, FL 33143-5528
US
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension has a relatively high number of users (200,000) and a good rating (4.9/5), indicating a level of trust from the user community.
- The developer is a registered company (Teal Labs, Inc.) with a physical address, which adds some credibility.
Concerns:
- The extension requests broad host permissions (http://*/* and https://*/*), allowing it to access any website. This is a potential privacy and security risk, as the extension could potentially track browsing activity or access sensitive data.
- The "activeTab" permission allows the extension to access the currently active tab, which could be a privacy concern if the extension is not transparent about how it uses this data.
- The "storage" permission allows the extension to store data locally, which could be a concern if the extension stores sensitive information insecurely.
Recommendations:
- Review the extension's privacy policy and terms of service to understand how it collects, uses, and shares user data.
- Consider running the extension in a separate Chrome profile or incognito mode to isolate it from your main browsing activity.
- Monitor the extension's behavior and permissions, and uninstall it if you notice any suspicious activity or changes.
- Use caution when entering sensitive information (e.g., login credentials, financial data) on websites while the extension is running.
- Consider using alternative job search and contact management tools that do not require broad host permissions or access to your browsing activity.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Overall Risk
Based on 3 total findings, ranked without considering overall context, including 1 high-risk and 2 medium-risk findings.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- activeTab
- alarms
- storage
Host Permissions:
- https://*.tealhq.com/*
Content Security Policy:
- extension_pages: default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline'; img-src 'self' https://app.tealhq.com data:; font-src 'self'; connect-src https://auth.service.tealhq.com https://auth-staging.tealhq.com https://company.service.tealhq.com https://company-staging.tealhq.com http://localhost:3003 http://localhost:3001
Embedded URLs (75 total):
| https://github.com/itfoundry/Poppins | http://scripts.sil.org/OFL | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://clients2.google.com/service/update2/crx | https://tealhq.com | |
| https://app.tealhq.com | https://auth.service.tealhq.com | |
| https://auth-staging.tealhq.com | https://company.service.tealhq.com | |
| https://company-staging.tealhq.com | https://app.tealhq.com/ | |
| https://www.tealhq.com/ | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://jquery.com/ | |
| https://jquery.org/license | http://jedwatson.github.io/classnames | |
| http://momentjs.com/guides/#/warnings/define-locale/ | http://momentjs.com/guides/#/warnings/js-date/ | |
| http://momentjs.com/guides/#/warnings/min-max/ | http://momentjs.com/guides/#/warnings/add-inverted-param/ | |
| http://momentjs.com/guides/#/warnings/zone/ | http://momentjs.com/guides/#/warnings/dst-shifted/ | |
| https://auth.service.tealhq.com/ | https://resume.service.tealhq.com/ | |
| https://radix-ui.com/primitives/docs/components/ | https://radix-ui.com/primitives/docs/components/alert-dialog | |
| https://prosemirror.net/docs/guide/#generatable | https://api2.amplitude.com/2/httpapi | |
| https://api.eu.amplitude.com/2/httpapi | https://api2.amplitude.com/batch | |
| https://api.eu.amplitude.com/batch | https://www.docs.developers.amplitude.com/data/sdks/browser-2/#tracking-default-events | |
| https://sr-client-cfg.amplitude.com/config | https://sr-client-cfg.stag2.amplitude.com/config | |
| https://sr-client-cfg.eu.amplitude.com/config | https://app.amplitude.com | |
| https://app.eu.amplitude.com | https://apps.stag2.amplitude.com | |
| https://cdn.amplitude.com/libs/visual-tagging-selector-1.0.0-alpha.js.gz | https://s3.amazonaws.com/teal.extension/config.beta.json | |
| https://s3.amazonaws.com/teal.extension/config.json | https://auth-kermit.tealhq.com/ | |
| https://resume-kermit.tealhq.com/ | https://app-kermit.tealhq.com/ | |
| https://auth-beta.tealhq.com/ | https://resume-beta.tealhq.com/ | |
| https://app-beta.tealhq.com/ | https://auth-staging.tealhq.com/ | |
| https://resume-staging.tealhq.com/ | https://app-staging.tealhq.com/ | |
| https://www.linkedin.com/jobs/search | http://fb.me/use-check-prop-types | |
| https://git.io/JUIaE# | https://github.com/nodeca/pako | |
| https://github.com/date-fns/date-fns/blob/master/docs/upgradeGuide.md#string-arguments | https://raw.githubusercontent.com/jsonresume/resume-schema/v1.0.0/schema.json | |
| https://github.com/jsonresume/resume-schema/blob/v1.0.0/schema.json | https://www.linkedin.com/company/ | |
| https://www.linkedin.com/in/ | https://twitter.com/ | |
| https://www.linkedin.com/voyager/api | http://unsplash.com/ | |
| http://partner.canva.com/teal | https://careersidekick.com/linkedin-headlines-job-seekers/ | |
| https://business.linkedin.com/talent-solutions/blog/linkedin-best-practices/2016/7-linkedin-profile-summaries-that-we-love-and-how-to-boost-your-own | https://app.tealhq.com/achievement-assistant | |
| https://www.tealhq.com/post/skills-workbook | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://quilljs.com/ | https://quilljs.com | |
| https://github.com/zenoamaro/react-quill#using-deltas |
Raw Manifest
{ "name": "Teal - Free Job Search & Contacts Tracker", "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": {}, "author": { "url": "https://www.tealhq.com/", "name": "www.tealhq.com" }, "version": "3.9.3", "background": { "type": "module", "service_worker": "src/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "The better way to job search. Save Jobs, Contacts, Companies & Resumes in one place.", "permissions": [ "activeTab", "alarms", "storage" ], "homepage_url": "https://tealhq.com", "default_locale": "en", "content_scripts": [ { "js": [ "src/content.js" ], "matches": [ "http://*/*", "https://*/*" ], "all_frames": false } ], "host_permissions": [ "https://*.tealhq.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline'; img-src 'self' https://app.tealhq.com data:; font-src 'self'; connect-src https://auth.service.tealhq.com https://auth-staging.tealhq.com https://company.service.tealhq.com https://company-staging.tealhq.com http://localhost:3003 http://localhost:3001" }, "web_accessible_resources": [ { "matches": [ "https://app.tealhq.com/*" ], "resources": [ "content/images/logo.svg", "content/videos/pinning.mp4", "content/videos/full_process.mp4", "content/videos/selecting_jobs.mp4", "content/videos/pinning.mp4" ] }, { "matches": [ "http://*/*", "https://*/*", "<all_urls>" ], "resources": [ "/images/*.svg", "/images/*.png", "/fonts/*.woff", "style.css" ] } ] }
Secure Annex (beta)
Coming soon...