Extension Guard

Extension PermissionsPASTE JSON ARRAY, COMMA-SEPARATED, OR ONE PER LINE

Live analysis

Try a sample

How to find extension permissions

Method 1 — Chrome Web Store: Visit the extension's Chrome Web Store page → scroll down to "Permissions" section → copy the listed permissions.

Method 2 — Installed Extensions: Go to chrome://extensions → click "Details" on any extension → look for "Permissions" section.

Method 3 — manifest.json: If you have the extension source, find manifest.json and copy the "permissions" and "host_permissions" arrays.

What This Tool Does

Extension Guard is built for deterministic developer and agent workflows.

Scan Chrome extension permissions for risky combinations, privilege escalation patterns, and least-privilege policy gaps.

Use How to Use for execution steps and FAQ for constraints, policies, and edge cases.

Last updated: February 24, 2026

This tool is provided as-is for convenience. Output should be verified before use in any production or critical context.

Agent Invocation

Best Path For Builders

Browser workflow

Runs instantly in the browser with private local processing and copy/export-ready output.

Browser Workflow

This tool is optimized for instant in-browser execution with local data handling. Run it here and copy/export the output directly.

/extension-guard/

For automation planning, fetch the canonical contract at /api/tool/extension-guard.json.

How to Use Extension Guard

1

Paste extension permissions

Copy the permissions from a Chrome extension's Web Store page, manifest.json, or chrome://extensions details. Paste as JSON array, comma-separated, or one per line.
2

Click Analyze Permissions

The security engine scores each permission individually and detects dangerous combinations that amplify risk. Results appear instantly.
3

Review the risk report

See your overall grade (A-F), risk score (0-100), color-coded permission breakdown, and any dangerous combination alerts with explanations.
4

Understand each permission

Every permission includes a plain-English explanation of what it allows and why it matters. Critical and high-risk permissions are flagged prominently.
5

Copy or share the report

Click 'Copy Report' to get a markdown-formatted security report you can share with your team or include in documentation.

Frequently Asked Questions

What is Extension Guard?

Extension Guard is a free Chrome extension security scanner that analyzes permissions to detect potential risks. Paste an extension's permissions and get an instant risk score, dangerous combination alerts, and plain-English explanations of what each permission allows.

How do I find a Chrome extension's permissions?

Visit the Chrome Web Store page and scroll to 'Permissions', go to chrome://extensions and click 'Details' on any extension, or check the manifest.json file for 'permissions' and 'host_permissions' arrays.

Is Extension Guard free and private?

Yes, Free to use and privacy-first by design. All security analysis runs entirely in your browser — your extension permissions are not sent to external servers.

What makes a Chrome extension dangerous?

Dangerous extensions request excessive permissions like <all_urls> (access to all websites), webRequest (intercept all traffic), and cookies (steal login sessions). Especially dangerous are COMBINATIONS of these permissions.

Does Extension Guard detect malicious extensions?

It analyzes permissions and permission combinations to flag potential risks. It cannot detect malicious code hidden within an extension — only the permissions it requests. A high risk score doesn't mean an extension IS malicious, but it CAN do more damage if compromised.

Extension Guard

What This Tool Does

Agent Invocation

How to Use Extension Guard

Paste extension permissions

Click Analyze Permissions

Review the risk report

Understand each permission

Copy or share the report

Frequently Asked Questions