One click emoji downloader for Slack
Version 1 View in Chrome Web Store
Last scanned: about 2 months ago
| force re-scan
Extension Details
Rating:
1.0 ★
(1 rating)
Size:
4.64KiB
Last Updated:
April 28, 2022
Users:
217
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension has a relatively low number of users (217), which could indicate that it is not widely trusted or popular.
- The extension has a low rating (1.0 out of 5) based on only one review, which raises some concerns about its quality and trustworthiness.
- The extension's description is brief and does not provide much information about the developer or the extension's functionality.
Concerns:
- The "downloads" permission is considered a high-risk permission, as it allows the extension to download files and access the download history, which could potentially be used for malicious purposes.
- The extension has access to content scripts on Slack's website, which could potentially be used to collect sensitive information or perform unauthorized actions.
Recommendations:
- Exercise caution when installing this extension, as it has a high-risk permission and limited information about the developer or extension's functionality.
- Consider running the extension in a separate Chrome profile or a sandboxed environment to mitigate potential risks.
- Monitor the extension's behavior and check for any suspicious activities or unauthorized actions.
- If possible, seek alternative extensions with similar functionality from more reputable developers or sources.
- Regularly review and update the extension to ensure that it is not compromised or exhibiting any malicious behavior.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
MEDIUM
Overall Risk
Based on 1 total findings, ranked without considering overall context, including 1 high-risk and 0 medium-risk findings.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- downloads
Embedded URLs (4 total):
| https://developer.chrome.com/docs/extensions/reference/downloads/#method-download | https://github.com/GoogleChrome/chrome-extensions-samples/blob/62a8f32a2d299c2259df6388e22a222200dec331/mv2-archive/api/downloads/download_links/popup.js#L49 | |
| https://slackmojis.com/emojis/12133-download | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "One click emoji downloader for Slack", "version": "1", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Downloads slack emojis in one click", "permissions": [ "downloads" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "https://*.slack.com/customize/emoji" ] } ], "manifest_version": 3 }
Secure Annex (beta)
Coming soon...