Is "Jam-Ya Auto Fade" on Chrome Web Store Safe to Install?
Extension for introducing configurable auto fade in/out behaviour for Spotify Web Player. Including Equalizer
Risk Assessment
Analyzed: 100 security findings detected across all analyzers
Chrome extension requesting 6 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
6 rules (31 hits)
Requested Permissions
6 permissions
Access your identity and sign-in tokens
About This Extension
Detailed Findings
35 total
YARA Rule Matches
6 rules
Indicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 54
AI Security Report
AI Security Review
Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-21. The review verdict is "benign but powerful" with 80% confidence.
Recommended action: no action.
Risk context: MEDIUM risk, score 62/100.
Evidence context: threat category none; evidence quality moderate.
The "Jam-Ya Auto Fade" extension (v2.4.0) published by [email protected] exhibits no detectable security threats based on the provided evidence. The findings_by_category object is entirely empty, confirming no code-smell rules (e.g., postinstall, credential access), IoC matches, or obfuscation patterns were triggered during analysis. The extension's description explicitly states it uses the Spotify API for auto-fade functionality without DOM manipulation, which aligns with benign behavior for audio customization tools.
The developer's use of a Gmail address is common for independent developers and does not inherently indicate malicious intent. While the extension has only 1 user, low adoption alone does not correlate with malice, particularly for niche utilities targeting specific platforms like Spotify. No typosquatting or impersonation of known extensions (e.g., Spotify's official tools) was detected, and the name "Jam-Ya Auto Fade" does not mimic popular extensions.
The strongest counterargument is the combination of an anonymous developer and minimal user base, which could signal a throwaway project. However, the absence of any malicious indicators—such as credential access, suspicious domains, or obfuscated payloads—overrides this concern. The extension's declared purpose (Spotify API integration) is consistent with its metadata, and no evidence suggests hidden functionality.
The analysis confirms no evidence of high-confidence threats: no browser hijacking (no custom search domains), no credential theft (no login domain IoCs), no malware delivery (no Flash/VPN lures), and no proxyware behavior. The absence of findings in dist/ or bundle files rules out multiplicative false positives from bundled dependencies. Zero-width Unicode characters in locale files (a known false positive) were not detected, as no locale files were flagged.
The extension's functionality (Spotify API integration) is legitimate and does not require elevated permissions that could enable misuse. While API access could theoretically be misused, the lack of obfuscation or suspicious network activity negates this risk. Given the lack of findings and alignment with legitimate use cases, this extension is classified as benign but powerful due to its API access. No action is required, though monitoring for future updates is prudent.
Key Reasons
- No findings in any category
- Legitimate Spotify API usage described
- Low user count but no malicious indicators
False Positive Considerations
- None detected
Source Code Not Available
Source code is not available for this version of the extension.