Frequently Asked Questions
Common questions about security, privacy, and technical implementation.
Does this detect malware?
No. This is a permission auditor. It analyzes the capabilities of an extension (what it requested access to), not the code execution (what it is actually doing). It helps you identify broad-privileged extensions that pose a higher security risk if they are malicious or compromised.
Why do some safe extensions have high scores?
Many legitimate tools require broad permissions. For example, a password manager like
1Password needs to read the DOM on every page to autofill credentials. This inherently
grants it <all_urls> access. Our tool flags this as
a "High Risk" capability because of the potential impact, regardless of the
developer's intent.
Why do you need the 'management' permission?
The management permission is required to read the
manifest files of other installed extensions. Without it, the browser sandboxes each
extension, preventing us from seeing what else is installed.
Is the project open source?
Yes. The source code is available on GitHub for audit. We believe security tools must be transparent to be trusted.
© 2026 Extension Permission Auditor. Built by Shehryar Asif.