One click emoji downloader for Slack
Version 1 View in Chrome Web Store
Last scanned: about 1 month ago
| force re-scan
Extension Details
Rating:
1.0 ★
(1 rating)
Size:
4.64KiB
Last Updated:
April 28, 2022
Users:
248
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension has a relatively low number of users (248), which could indicate that it is not widely trusted or popular.
- The extension has only one rating, which is a low score of 1.0, suggesting that the user experience may not be satisfactory.
- The extension's description is minimal, and there is no information provided about the developer or company, which raises some concerns about transparency and accountability.
Concerns:
- The extension requests the "downloads" permission, which allows it to download files and access the download history. This permission is considered high-risk and could potentially be misused to compromise security or privacy.
- The extension has access to content scripts on the "https://*.slack.com/customize/emoji" domain, which could potentially allow it to modify or access sensitive information on Slack's emoji customization page.
Recommendations:
- Exercise caution when installing this extension, as the lack of information about the developer and the high-risk permission raise some security concerns.
- Consider running the extension in a separate Chrome profile or a sandboxed environment to isolate it from your main browsing activities and minimize potential risks.
- Monitor the extension's behavior and check for any suspicious activities, such as unauthorized file downloads or data access.
- Look for alternative extensions from reputable developers or companies that offer similar functionality but with better transparency and security practices.
- If you decide to use the extension, ensure that you keep your system and browser up-to-date with the latest security patches and updates.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Overall Risk
Based on 1 total findings, ranked without considering overall context, including 1 high-risk and 0 medium-risk findings.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- downloads
Embedded URLs (4 total):
| https://developer.chrome.com/docs/extensions/reference/downloads/#method-download | https://github.com/GoogleChrome/chrome-extensions-samples/blob/62a8f32a2d299c2259df6388e22a222200dec331/mv2-archive/api/downloads/download_links/popup.js#L49 | |
| https://slackmojis.com/emojis/12133-download | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "One click emoji downloader for Slack", "version": "1", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Downloads slack emojis in one click", "permissions": [ "downloads" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "https://*.slack.com/customize/emoji" ] } ], "manifest_version": 3 }
Secure Annex (beta)
Coming soon...