Skip to main contentThe Search feature allows you to quickly look up and analyze browser extensions and editor extensions from multiple platforms. Simply enter an extension ID or name to get comprehensive security insights and analysis.
Features
The top section displays key information about the extension:
- Extension Name & Logo - Visual identification with featured badge if applicable
- Status Indicators
- Active/Inactive status with last inactive date
- Visibility (Public/Unlisted)
- Manifest version (v2 or v3 if applicable)
- Verdict Badge - security analysis verdict applied with detailed references and dates
- Categories - Secure Annex extension classification and metadata
- Tags - Marketplace tags applied to the extension
- Platform Indicator - Shows which marketplace the extension is from
- Action Buttons
- Flag/Report extension
- Add to watchlist
- Download extension package
- Version Selector - Switch between different extension versions for analysis
- Scores - security metrics and risk assessment
- Screenshots - Interactive carousel of screenshots from the marketplace listing
AI Analysis
Automated security assessment section providing:
- Comprehensive behavior analysis of the extension
- Permission usage evaluation
- Potential security concerns identification
- Natural language summary of findings
- Ability to trigger new analysis for extensions that haven’t been scanned
Code Review
Detailed source code analysis including:
- In-depth code examination
- Suspicious pattern detection
- Security best practices evaluation
- On-demand analysis for extensions without existing reviews
Manifest Risks
Configuration-level security assessment:
- Permission analysis
- Identified security risks from manifest configuration
- Risk severity ratings (Low, Medium, High)
- Detailed descriptions of each risk
- Code snippets showing the problematic configuration
Signatures
Pattern-based threat detection:
- Matches against known malicious code patterns
- Tracking script detection
- Suspicious API usage identification
- Severity levels for each signature match
- File paths and line numbers for matched patterns
- Author and reference information for each signature
- Paginated results with investigation tools
Vulnerabilities
Known security issues and CVEs:
- Dependency vulnerability scanning
- CVE identification and tracking
- Severity ratings (1-10 scale)
- Vulnerability descriptions
- Paginated results for extensions with multiple issues
URLs
Network communication analysis:
- All domains the extension communicates with
- URL endpoints accessed by the extension
- File paths where URLs are referenced
- Domain categorization
- Paginated results for comprehensive URL tracking
User Reviews
Community feedback section:
- User ratings and reviews from the marketplace
- Individual review details with ratings (1-5 stars)
- Review dates and user information
- Paginated results for browsing all reviews
Extension Files
Source code exploration (available for detailed investigation):
- Browse complete extension file structure
- View individual file contents
- Syntax-highlighted code display
- Search within files
- Download individual files
Version Management
Version control and history features:
- Version Selector - Dropdown to switch between all available versions
- Version History - Complete list of published versions
- Ownership History - Track changes in extension ownership over time
- Download Package
- Latest version available for all users
- Historical versions for enterprise tier users
- Format support: .crx (Chrome/Edge), .xpi (Firefox), .vsix (VS Code/OpenVSX)
Monitoring & Reporting
Proactive tracking and communication tools:
- Watch Extension - Monitor for changes including:
- New version releases
- Security issue discoveries
- Status changes (active/inactive)
- Report Extension - Flag suspicious extensions:
- Share security concerns
- Request investigation assistance
- Provide context about suspicious behavior
- Direct communication to security team via Slack
