[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

One click emoji downloader for Slack

Version 1 View in Chrome Web Store

Last scanned: 4 days ago | force re-scan

Extension Details

Rating: 1.0 ★ (2 ratings)

Users: 196

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has very limited adoption with only 196 users and a concerning 1.0 star rating from just 2 reviews, suggesting user dissatisfaction. The lack of author information and developer details raises transparency concerns. The extension appears to serve a legitimate purpose for Slack emoji management, but the poor reception indicates potential functionality or quality issues.

Concerns:

The downloads permission is unnecessarily broad for an emoji downloader that should only need to save emoji files. This permission grants access to the entire download history and ability to download any files, creating privacy risks. The content script injection on Slack's emoji customization pages could potentially access sensitive workspace data. The extremely low rating suggests the extension may not work as intended or could have problematic behavior. The absence of developer contact information makes it difficult to verify legitimacy or report issues.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing session. Given the poor user ratings and broad permissions, you might want to look for alternative emoji management tools with better reputations. If you must use this extension, monitor your download history for any unexpected files and review your Slack workspace security settings. The combination of low trust indicators and elevated permissions warrants caution.

Findings

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "One click emoji downloader for Slack",
  "version": "1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Downloads slack emojis in one click",
  "permissions": [
    "downloads"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "https://*.slack.com/customize/emoji"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://developer.chrome.com/docs/extensions/reference/downloads/#method-download	https://github.com/GoogleChrome/chrome-extensions-samples/blob/62a8f32a2d299c2259df6388e22a222200dec331/mv2-archive/api/downloads/download_links/popup.js#L49
https://slackmojis.com/emojis/12133-download	https://clients2.google.com/service/update2/crx

One click emoji downloader for Slack

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings