GitHub DeepWiki Button (Unofficial)

Version 1.0.4 View in Chrome Web Store

Last scanned: 3 days ago | force re-scan

Extension Details

Rating: 5.0 ★ (4 ratings)

Users: 1,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating, though based on only 4 reviews, which limits reliability. With 1,000 users, it has modest adoption but lacks widespread validation. The extension appears to be unofficial and lacks clear developer information, which reduces trustworthiness. The specific focus on GitHub integration suggests legitimate functionality, but the unofficial nature raises questions about ongoing support and security updates.

Concerns:

The extension requests scripting permissions and host access specifically to GitHub, which is appropriate for its stated purpose of adding DeepWiki functionality. However, the "broad host permissions" finding suggests the extension may have wider access than necessary. The access to GitHub as a "sensitive domain" is concerning given that developers often store private repositories and sensitive code there. The lack of developer transparency and unofficial status means there's no clear accountability for data handling practices.

Recommendations:

Consider running this extension in a separate Chrome profile dedicated to development work to isolate any potential risks from your main browsing. Before installation, verify that the extension's functionality truly requires the permissions requested. Monitor the extension for any unusual behavior or unauthorized data access. Given the unofficial nature, consider looking for official alternatives or well-established GitHub enhancement tools with better developer transparency and larger user bases for increased security confidence.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://github.com/*. Ensure you trust this extension with access to these sites.

Raw Manifest

{
  "name": "GitHub DeepWiki Button (Unofficial)",
  "icons": {
    "16": "images/icon-16.png",
    "19": "images/icon-19.png",
    "32": "images/icon-32.png",
    "38": "images/icon-38.png",
    "48": "images/icon-48.png",
    "64": "images/icon-64.png",
    "128": "images/icon-128.png"
  },
  "version": "1.0.4",
  "background": {
    "service_worker": "scripts/background.js"
  },
  "short_name": "gh-deepwiki",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDescription__",
  "permissions": [
    "scripting"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "scripts/content.js"
      ],
      "css": [
        "styles/content.css"
      ],
      "run_at": "document_start",
      "matches": [
        "https://github.com/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "https://github.com/*"
  ],
  "manifest_version": 3,
  "minimum_chrome_version": "88.0",
  "web_accessible_resources": [
    {
      "matches": [
        "https://github.com/*"
      ],
      "resources": [
        "images/icon-16.png",
        "images/icon-19.png",
        "images/icon-32.png",
        "images/icon-38.png",
        "images/icon-48.png",
        "images/icon-64.png",
        "images/icon-128.png"
      ]
    }
  ]
}

by ✦ Astarte

GitHub DeepWiki Button (Unofficial)

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://github.com/
https://deepwiki.com/	https://github.com/yamadashy/github-deepwiki