
Stanzin7/ExtensionShield

ExtensionShield


Chrome Extension Security Scanner & Governance Platform

License: MIT · Security · Get Started · Contribute


Manage and audit Chrome extensions with confidence

ExtensionShield helps you check Chrome extensions in a simple and clear way.

It scans extensions from the Chrome Web Store or from CRX/ZIP uploads, shows risk scores, and helps you understand what an extension can access. The core scanner, CLI, and local analysis are MIT-licensed and work without any cloud dependency.

Get the Chrome extension

Install the ExtensionShield Chrome extension to manage your extensions from My Extensions, check their security audit score, and spot risky extensions before they become a problem.

  • Manage installed extensions in one place
  • Review labels like Safe, Review, and Unknown
  • Stay safer while browsing with better extension visibility

Get it on Chrome Web Store


Overview

ExtensionShield scans Chrome extensions, runs security and privacy analysis, and produces risk scores and summary reports.

Optional cloud features such as auth, history, team monitoring, and community queue are available via ExtensionShield Cloud.


What ExtensionShield does

| Feature | Description |
|---|---|
| Scan | Scan extensions from the Chrome Web Store or by uploading CRX/ZIP files |
| Analyze | Review permissions, SAST, entropy, and optional VirusTotal integration |
| Score | Generate security and privacy risk scores with reports |
| Summarize | Create written summaries of findings when enabled |

In OSS mode you get the scanner, CLI, local SQLite storage, and report UI with no cloud required.

In Cloud mode you also get auth, scan history, telemetry, and enterprise features.


Documentation

| Document | Description |
|---|---|
| GET_STARTED.md | Setup, config, Docker, CLI, OSS vs Cloud, and Make commands |
| scripts/README.md | What each script does and when to run it |
| OPEN_CORE_BOUNDARIES.md | OSS vs Cloud, enforcement, and configuration |
| CONTRIBUTING.md | How to contribute |
| SECURITY.md | Reporting vulnerabilities and secrets policy |
| COMMERCIAL.md | Commercial use guidance |
| TRADEMARK.md | Brand usage guidelines |
| CODE_OF_CONDUCT.md | Community standards |
| NOTICE | Third-party attributions |

License & attribution

  • Core (scanner, CLI, local analysis): MIT — see LICENSE
  • Cloud (auth, Supabase, telemetry admin, community queue, enterprise forms): proprietary, available via ExtensionShield Cloud

Community

We build ExtensionShield in the open so security tools stay transparent and easy to inspect.

Feedback, issue reports, docs fixes, tests, and rule improvements are welcome. If ExtensionShield helps you, consider opening a PR, sharing your use case, or supporting the project.

Acknowledgments: ExtensionShield is our own design. We took inspiration from ThreatXtension in the extension scanning space.

About

Chrome extension risk scanner — scan Chrome Web Store links or CRX/ZIP builds and generate evidence-based security/privacy reports. Open-core.
