Is "KCUBE ON Connector for Google" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 85% confidence.

Recommended action: suppress false positive.
Risk context: CRITICAL risk, score 87/100.
Evidence context: threat category none; evidence quality moderate.

KCUBE ON Connector for Google (version 1.3.4) is a benign extension with findings driven entirely by known false-positive patterns.

IoC Analysis: All 188 IoC findings are XIOC extraction errors. The finding titles reveal JavaScript property access chains misidentified as domains: XIOC-DOMAIN-minimizebutton.click, XIOC-DOMAIN-exports.gmail, XIOC-DOMAIN-result.name, XIOC-DOMAIN-div.vi, XIOC-DOMAIN-a.do, XIOC-DOMAIN-api.new.get.email, XIOC-DOMAIN-el.data, XIOC-DOMAIN-cancelbutton.click, XIOC-DOMAIN-obj.name, XIOC-DOMAIN-this.id, and XIOC-DOMAIN-obj.email. These are standard JavaScript patterns (object.property, element.click, this.id) that the XIOC extractor incorrectly flags as network domains. The only legitimate URL found is https://docs.gitlab.com/ee/user/project/repository/web_editor.html, which references GitLab documentation and poses no threat.

Malware Signatures: Zero malware-signature findings and zero malware findings. This is a critical indicator of benign code. Malicious extensions consistently trigger at least one malware signature when combined with suspicious behavior.

Obfuscation: Zero obfuscation findings. Malicious extensions use obfuscation to hide payloads; this extension has none.

Developer Attribution: The developer email [email protected] provides legitimate attribution to a Korean company domain. The extension name "KCUBE ON Connector for Google" does not impersonate any known extension brand.

Code-Smell Findings: The 55 code-smell findings are all low severity and represent expected noise from YARA rules that match basic JavaScript patterns. These findings do not indicate malicious behavior.

Counterargument Addressed: A skeptic would argue that 251 total findings with 188 IoCs represents significant risk. This reasoning is incorrect because finding COUNT is meaningless when finding NATURE is noise. Every single IoC is a documented XIOC false positive pattern (property access chains). Zero malware signatures, zero obfuscation, and no actual suspicious domains confirm the extension is benign. The high finding count results from the XIOC extractor's known tendency to over-match on JavaScript code, not from actual malicious indicators.

Conclusion: This extension exhibits no evidence of malicious behavior. The findings are entirely attributable to XIOC false positives and benign code-smell noise. No security action is required beyond suppressing these known false-positive patterns.

Key Reasons

• All 188 IoC findings are XIOC false positives from JavaScript property access chains
• Zero malware signatures detected
• Zero obfuscation findings
• Developer attribution exists via company email domain
• No actual suspicious domains in findings

False Positive Considerations

• XIOC property access chains misidentified as domains
• Low-severity code-smell YARA rules
• No malware signatures present