Extension Security Intelligence

Know what your
extensions are
really doing

Continuous security analysis across 9 extension marketplaces. Detect malware, secrets, obfuscation, and supply chain risks before they compromise your environment. Use the site, or call the data directly from riskyplugins.com/api/v1 through the REST API and hosted MCP endpoint.

9 Marketplaces

Also via OpenVSX

320K+
Extensions Analyzed
9
Marketplaces
2,400+
YARA Rules
24/7
Real-time Monitoring
Capabilities

Security analysis
at every layer

From source code scanning to behavioral analysis, we inspect every dimension of an extension's security posture.

Deep Security Analysis

Multi-engine scanning with YARA malware detection, TruffleHog secret scanning, Horusec SAST, and OSSF Scorecard evaluation. Every extension is dissected layer by layer.

2,400+ YARA malware signatures
Secret & credential detection
Obfuscation & packing analysis

Real-time Monitoring

Continuous scraping and re-analysis catches changes the moment they happen. Track version updates, permission changes, and risk score drift over time.

Continuous marketplace monitoring
Version diff tracking
Historical risk trend analysis

Supply Chain Intelligence

Map dependency trees, identify vulnerable packages, generate SBOMs, and assess developer trust scores. Understand the full supply chain before you install.

Dependency tree mapping
SBOM generation
Developer trust scoring
How It Works

From install to insight

Three steps to understanding the security posture of any extension in any marketplace.

1

Search or Submit

Search our database of 320,000+ pre-analyzed extensions or submit a new one. Just paste a marketplace URL or extension ID.

2

Deep Analysis

Our multi-engine pipeline scans source code, permissions, network behavior, dependencies, and developer history using 2,400+ security rules.

3

Actionable Scorecard

Get a comprehensive risk scorecard with category breakdowns, specific findings, remediation guidance, and historical risk trends.

Marketplace Coverage

Every store,
one platform

Whether your team uses Chrome extensions, VS Code plugins, JetBrains tools, or MCP servers, we have you covered with continuous monitoring across all major extension ecosystems.

Browser Extensions
Chrome Chrome 180K+
Firefox Firefox 35K+
Edge Edge 12K+
IDE Plugins
VS Code VS Code 55K+
JetBrains JetBrains 8K+
Notepad++ Notepad++
OpenVSX OpenVSX 4K+
AI & Automation
MCP Servers MCP Servers 2K+
n8n n8n 1K+
Threat Intelligence

See threats before
they reach you

Our platform surfaces the highest-risk extensions across all marketplaces, giving your security team the intelligence they need to protect your organization.

Explore threat database
Live Threat Feed
Updated 3s ago
Vindy | Boost Vinted Sales
HIGH 85
eRank - SEO for Ecommerce
HIGH 85
DeepRead AI: Web Summarizer & Response Generator
HIGH 85
TranscriptExporter - Bulk Export Fathom Transcripts
HIGH 85
Grammarly: AI Writing and Grammar Checker App
HIGH 85
Newired Extension
HIGH 85
1Password – Password Manager
HIGH 85
Whatfix Studio
HIGH 85
HTnini
HIGH 85
AdOff
HIGH 85
BestiaryArena SuperMod Loader
HIGH 85
Dewey
HIGH 85
Pervaziv AI Cortex
HIGH 85
Aria Coding Copilot
HIGH 85
HUGR Result Viewer
HIGH 85
CardanoVSC
HIGH 85
XCodeMap
HIGH 85
Railways for IDEA
HIGH 85
ILSpy Integration
HIGH 85
Simple AI Code Reviewer
HIGH 85
CompressedFileViewer
HIGH 85
NppGZipFileViewer [Deprecated]
HIGH 85
NppGZipFileViewer [Deprecated]
HIGH 85
CompressedFileViewer
HIGH 85
bandit-stealth
HIGH 85
art-tutorial
HIGH 85
qodana-code
HIGH 85
tia-import
HIGH 85
Highest risk extensions across all marketplaces View all →
Get Started

Stop trusting.
Start verifying.

Join security teams who have moved from blind trust to verified security for every extension in their stack.

Start Free Analysis View Documentation

No credit card required. Free tier includes 100 analyses/month.