Risk Scoring Model
Deterministic evaluation of browser capabilities. Understanding the weight behind every permission request.
Impact vs. Intent
Our score measures technical capability (what an extension can do), not intent (what it will do). A high score identifies broad access, which inherently carries higher risk if compromised.
| Permission | Weight | Impact Analysis |
|---|---|---|
debugger |
High (50) | Total control over browser protocol. Can inspect/modify DOM and network. |
<all_urls> |
High (40) | Read/Write access to every website visited. |
tabs |
Medium (20) | Access to tab metadata, often including URL and title (browsing history). |
storage |
Low (1) | Standard capability to store user settings locally. |
Scoring Tiers
Targeted tools with minimal, scope-limited access.
Tools requiring access to browsing history or specific site data.
Broad system-wide tools (e.g., AdBlockers) requiring full DOM access.
© 2026 Extension Permission Auditor. Built by Shehryar Asif.