One click emoji downloader for Slack
Version 1 View in Chrome Web Store
Last scanned: 15 days ago
| force re-scan
Extension Details
Rating:
1.0 ★
(2 ratings)
Users:
196
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Overall Risk
Trust Factors: This extension has several concerning trust indicators. With only 196 users and a poor 1.0-star rating from just 2 reviews, it shows very limited adoption and user satisfaction. The lack of author information and developer details raises transparency concerns. The extension appears to be relatively new or abandoned given the minimal user base and rating data.
Concerns: The primary concern is the downloads permission, which allows the extension to download files and access download history. While this permission aligns with the extension's stated purpose of downloading emoji files, it creates potential security risks if the extension is compromised or malicious. The content script injection on Slack's emoji customization pages could potentially access sensitive workspace data. The combination of broad download capabilities with access to Slack workspaces presents privacy and security risks, especially given the developer's lack of transparency.
Recommendations: Given the medium risk level and poor user feedback, consider running this extension in a separate Chrome profile to isolate potential security impacts. Before installation, verify the extension's legitimacy by checking if similar functionality is available through more established developers with better ratings and transparency. Monitor your download folder for unexpected files if you choose to use this extension. Consider whether the convenience justifies the security risks, as emoji downloading can often be accomplished through other means with less permission requirements.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
Security Analysis Details
Required Permissions:
- downloads
Embedded URLs (4 total):
| https://developer.chrome.com/docs/extensions/reference/downloads/#method-download | https://github.com/GoogleChrome/chrome-extensions-samples/blob/62a8f32a2d299c2259df6388e22a222200dec331/mv2-archive/api/downloads/download_links/popup.js#L49 | |
| https://slackmojis.com/emojis/12133-download | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "One click emoji downloader for Slack", "version": "1", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Downloads slack emojis in one click", "permissions": [ "downloads" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "https://*.slack.com/customize/emoji" ] } ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -