[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

One click emoji downloader for Slack

Version 1 View in Chrome Web Store

Last scanned: 11 days ago | force re-scan

Extension Details

Rating: 1.0 ★ (2 ratings)

Users: 190

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has very limited adoption with only 190 users and a concerning 1.0 star rating from just 2 reviews, suggesting user dissatisfaction. The lack of author information and developer details raises transparency concerns. The extension appears to be a simple utility for downloading Slack emojis, which is a legitimate use case, but the poor reception indicates potential issues with functionality or user experience.

Concerns:

The downloads permission is overly broad for an emoji downloading tool and represents the primary security risk. While downloading emojis requires file access, this permission also grants access to download history and the ability to download any files, which extends far beyond the stated functionality. The content script injection on Slack's emoji customization pages could potentially access sensitive workspace data. The minimal user base and poor ratings suggest the extension may not be well-maintained or properly tested.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing environment. Given the poor user ratings and broad permissions, you might want to look for alternative emoji downloading solutions with better reputations and more restrictive permissions. If you must use this extension, monitor your download folder for unexpected files and review your download history regularly. Consider whether the convenience justifies the security risks, especially given the availability of manual emoji downloading methods.

Findings

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "One click emoji downloader for Slack",
  "version": "1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Downloads slack emojis in one click",
  "permissions": [
    "downloads"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "https://*.slack.com/customize/emoji"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://developer.chrome.com/docs/extensions/reference/downloads/#method-download	https://github.com/GoogleChrome/chrome-extensions-samples/blob/62a8f32a2d299c2259df6388e22a222200dec331/mv2-archive/api/downloads/download_links/popup.js#L49
https://slackmojis.com/emojis/12133-download	https://clients2.google.com/service/update2/crx

One click emoji downloader for Slack

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings