[ new scan ] [ statistics ] [ github ] [ twitter ]

One click emoji downloader for Slack

Version 1 View in Chrome Web Store

Last scanned: 2 days ago | force re-scan

Extension Details

Rating: 1.0 ★ (1 rating)

Users: 201

Context-Aware Verdict

HIGH

Risk Level

Trust Factors:

The extension has extremely limited trust indicators with only 201 users and a concerning 1.0 rating from just one review. The lack of developer information, missing last updated date, and absence of company reputation data significantly undermines credibility. The low adoption rate suggests either the extension is new or users are avoiding it due to quality or security concerns.

Concerns:

The downloads permission is particularly concerning for an emoji downloader, as this capability extends far beyond what should be necessary for the stated functionality. While the extension claims to download emojis for Slack, the broad downloads permission could potentially be exploited to download malicious files or access sensitive download history. The content script injection on Slack's emoji customization pages, combined with download capabilities, creates a risk vector for data exfiltration or unauthorized file downloads. The poor rating and minimal user feedback suggest potential functionality or security issues.

Recommendations:

Given the high-risk permission and lack of trust indicators, consider running this extension in a separate Chrome profile to isolate potential security risks. Monitor your downloads folder closely for any unexpected files if you choose to use it. Consider alternative emoji management solutions with better security track records and user reviews. If you must use this extension, disable it immediately after use and regularly review your download history for suspicious activity.

Security Analysis

MEDIUM

Overall Risk

Based on 1 total findings, ranked without considering overall context, including 1 high-risk and 0 medium-risk findings.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "One click emoji downloader for Slack",
  "version": "1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Downloads slack emojis in one click",
  "permissions": [
    "downloads"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "https://*.slack.com/customize/emoji"
      ]
    }
  ],
  "manifest_version": 3
}

https://developer.chrome.com/docs/extensions/reference/downloads/#method-download	https://github.com/GoogleChrome/chrome-extensions-samples/blob/62a8f32a2d299c2259df6388e22a222200dec331/mv2-archive/api/downloads/download_links/popup.js#L49
https://slackmojis.com/emojis/12133-download	https://clients2.google.com/service/update2/crx

One click emoji downloader for Slack

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Embedded URLs (4 total):

Raw Manifest

Secure Annex (beta)