About Extension Safe

Browser extensions are the most overlooked security risk on your computer

Extension Safe was built to give non-technical users a clear, honest picture of what any Chrome extension can actually do — before or after installing it.

What Extension Safe does

Paste any Chrome Web Store URL and Extension Safe downloads the extension package directly from Google, reads its code, and produces a plain-English report covering:

Every permission the extension requests and what it actually allows

Which external servers the extension contacts in its code

Which websites the extension injects code into and can read

Whether the extension uses code obfuscation techniques to hide its behavior

An AI-generated assessment of whether the permissions match the extension's stated purpose

How the analysis works

Every report is built from five separate analyses run against the extension package.

01 Permission analysis

The extension's manifest.json declares which Chrome APIs it can use. Extension Safe maps each permission to what it actually enables — for example, the cookies permission lets an extension read login sessions from every website you visit.

02 Network call detection

The JavaScript files are scanned for actual fetch(), XMLHttpRequest, and WebSocket calls. This only reports domains where the extension actively sends data — unknown domains are listed separately from recognized services.

03 Content script mapping

Extensions declare which websites they inject code into via content_scripts match patterns. Extension Safe extracts these patterns and lists the sites where the extension runs and can read or modify page content.

04 Code obfuscation detection

The JavaScript code is scanned for techniques used to hide behavior: hex-encoded strings, eval() usage, base64 runtime decoding, and deeply nested functions. Legitimate extensions have no reason to use these. Each technique is labeled by severity.

05 AI permission assessment

A locally-running Ollama/LLaMA model is given the extension's stated purpose alongside its detected permissions and network calls. It assesses whether the access the extension requests is proportionate to what it claims to do.

What Extension Safe does not do

Understanding the limits of this tool is just as important as understanding what it finds.

It does not monitor extensions at runtime

The analysis is static — it reads the code published to the Chrome Web Store at the time of the request. It cannot observe what an extension actually does while it runs in your browser.

It does not prove malicious intent

Having broad permissions or contacting external servers is not proof that an extension is malicious. Many legitimate extensions need wide access. The report shows capability, not confirmed behavior.

It does not catch server-side attacks

Some extension attacks involve a legitimate extension talking to a compromised backend. Extension Safe can show you which servers an extension calls, but cannot assess what those servers do in response.

It does not replace reviewing the extension yourself

For extensions with access to sensitive sites, there is no substitute for reading the extension's privacy policy, checking its developer's public presence, and reviewing recent user reviews.

Chrome permission reference

These are the permissions Extension Safe flags and what they mean in practice.

cookies (HIGH)

Read and write cookies from any website — including login sessions and authentication tokens.

<all_urls> (HIGH)

Access every website you visit without restriction.

webRequest (HIGH)

Intercept, read, and modify network requests before they leave your browser.

management (HIGH)

List, disable, enable, or uninstall other extensions installed in your browser.

scripting (HIGH)

Inject JavaScript into web pages you visit — can read forms, capture keystrokes, and modify page content.

tabs (MEDIUM)

See the URL, title, and status of every open tab in real time.

history (MEDIUM)

Read your full browsing history including every URL you have ever visited.

clipboardRead (MEDIUM)

Read the current contents of your clipboard, including anything you copy.

downloads (MEDIUM)

Access your download history and initiate or cancel downloads.

storage (LOW)

Store data locally in your browser. Not inherently dangerous but can be used to persist collected data.

notifications (LOW)

Display browser notifications. No access to your data.

alarms (LOW)

Schedule code to run at intervals. Useful for background tasks.

nativeMessaging (HIGH)

Communicate with programs installed on your computer outside the browser entirely.
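
A minimal sketch of the permission analysis and content script mapping steps described on this page, added here as an example and not Extension Safe's own code. The function name analyzeManifest, the UNLISTED label for anything outside the reference above, the treatment of *://*/* as equivalent to <all_urls>, and the sample manifest are assumptions.

```javascript
// Severity labels copied from the permission reference on this page.
const SEVERITY = new Map(Object.entries({
  cookies: "HIGH", "<all_urls>": "HIGH", webRequest: "HIGH", management: "HIGH",
  scripting: "HIGH", nativeMessaging: "HIGH", tabs: "MEDIUM", history: "MEDIUM",
  clipboardRead: "MEDIUM", downloads: "MEDIUM", storage: "LOW",
  notifications: "LOW", alarms: "LOW",
}));
const RANK = { HIGH: 0, MEDIUM: 1, LOW: 2, UNLISTED: 3 };
// Assumption: "*://*/*" is treated like <all_urls> (the page lists only the latter).
const ALL_SITES = new Set(["<all_urls>", "*://*/*"]);

function analyzeManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ].filter((p) => typeof p === "string");

  const findings = [...new Set(declared)].map((name) => {
    const isHost = ALL_SITES.has(name) || name.includes("://");
    const severity = ALL_SITES.has(name) ? "HIGH" : SEVERITY.get(name) ?? "UNLISTED";
    return { name, kind: isHost ? "host" : "api", severity };
  });
  // Highest severity first, then by name (code-unit order, locale independent).
  findings.sort((a, b) =>
    RANK[a.severity] - RANK[b.severity] || (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));

  // Content script mapping: every match pattern a script is injected into.
  const injectedInto = [...new Set(
    (manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  )].sort();

  return {
    findings,
    injectedInto,
    runsOnAllSites: injectedInto.some((m) => ALL_SITES.has(m)),
  };
}

// Constructed sample manifest (not a real extension).
const SAMPLE = JSON.stringify({
  manifest_version: 3,
  name: "Sample Tab Helper",
  permissions: ["storage", "cookies", "tabs", "idle"],
  host_permissions: ["https://*.example.com/*", "*://*/*"],
  content_scripts: [{ matches: ["https://mail.example.com/*"], js: ["cs.js"] }],
});
console.log(JSON.stringify(analyzeManifest(SAMPLE), null, 2));
```

In the sample, the content script is injected into a single site, yet the *://*/* host permission combined with cookies still surfaces as HIGH, which is why the two analyses are reported side by side.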
