[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Hebrew support for Slack. RTL

Version 1.8 View in Chrome Web Store

Last scanned: 3 days ago | force re-scan

Extension Details

Rating: 5.0 ★ (5 ratings)

Users: 280

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating but only 5 reviews, which limits confidence in user feedback. With just 280 users, it has a very small user base that makes it difficult to assess real-world reliability. The lack of visible developer information raises transparency concerns, as users cannot verify the creator's identity or reputation. The extension appears to serve a legitimate niche purpose for Hebrew RTL support in Slack.

Concerns:

The tabs permission is overly broad for an extension that claims to only provide Hebrew RTL support for Slack. This permission allows access to all browser tabs and their URLs, not just Slack tabs, creating unnecessary privacy exposure. While the content script is properly scoped to Slack domains, the tabs permission extends far beyond this scope. The storage permission, while less concerning, allows local data storage that could potentially be misused.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate its broad tab access from your other browsing activities. Monitor the extension's behavior and consider alternatives with more restrictive permissions if available. Given the small user base and lack of developer transparency, exercise caution and regularly review whether the Hebrew RTL functionality justifies the privacy trade-offs. The extension's permissions suggest it could access more information than necessary for its stated purpose.

Findings

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
tabs

Embedded URLs (11 total):

https://bbureau.gumroad.com/l/activation-code	https://fonts.gstatic.com/s/alef/v21/FeVfS0NQpLYgnjdRCrNy1bRbkg.woff2
https://fonts.gstatic.com/s/alef/v21/FeVQS0NQpLYglo50H5xQ2J5hm25mww.woff2	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu0SC55K5gw.woff2
https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4iaVIUwaEQbjB_mQ.woff2	https://fonts.gstatic.com/s/rubik/v23/iJWKBXyIfDnIV7nDrXyw023e1Ik.woff2
https://fonts.gstatic.com/s/frankruhllibre/v15/j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Ll4brkiY-xBg.woff2	https://fonts.gstatic.com/s/notoserifhebrew/v20/k3k5o9MMPvpLmixYH7euCwmkS9DohjX1-kRyiqyBqIxnoLbD-VBM2jVkL3Lr.woff2
https://fonts.gstatic.com/s/davidlibre/v13/snfus0W_99N64iuYSvp4W8l54J-xYj-Zc5Y.woff2	https://slack-rtl-activation.vercel.app/api/activate?activation_code=
https://clients2.google.com/service/update2/crx

Raw Manifest

{
  "name": "__MSG_extensionName__",
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "action": {
    "default_icon": "icon16.png",
    "default_popup": "default_popup.html"
  },
  "version": "1.8",
  "background": {
    "service_worker": "background.js"
  },
  "options_ui": {
    "page": "default_popup.html",
    "open_in_tab": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extensionDescription__",
  "permissions": [
    "storage",
    "tabs"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "jquery.min.js",
        "slack-rtl.js"
      ],
      "css": [
        "slack-rtl.css"
      ],
      "matches": [
        "*://*.slack.com/*"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte