Is "AWS management console colorize" on Chrome Web Store Safe to Install?
This extension offers the following features: - Change the header and footer colors of the AWS management console. - Add color blocks to the AWS session selection page. These allow you to differentiate between multiple session ARNs. This is inspired by gcp-console-colorize (https://github.com/yfuruyama/gcp-console-colorize).
Risk Assessment
Analyzed150 security findings detected across all analyzers
Chrome extension requesting 2 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
9 rules(17 hits)Requested Permissions
2 permissionsAbout This Extension
Detailed Findings
19 totalYARA Rule Matches
9 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 129
detected Domain: re.call XIOC detected Domain: re.call
extracted_from_files
detected Domain: n.next XIOC detected Domain: n.next
extracted_from_files
detected Domain: schema.id XIOC detected Domain: schema.id
extracted_from_files
detected Domain: x.data XIOC detected Domain: x.data
extracted_from_files
detected Domain: o.next XIOC detected Domain: o.next
extracted_from_files
detected Domain: i.next XIOC detected Domain: i.next
extracted_from_files
detected Domain: m.call XIOC detected Domain: m.call
extracted_from_files
detected Domain: wxt.dev XIOC detected Domain: wxt.dev
extracted_from_files
detected URL: http://[$ XIOC detected URL: http://[$
extracted_from_files
detected URL: https://json-schema.org/draft/2020-12/schema XIOC detected URL: https://json-schema.org/draft/2020-12/schema
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected Domain: this.id XIOC detected Domain: this.id
extracted_from_files
detected Domain: this.locationwatcher.run XIOC detected Domain: this.locationwatcher.run
extracted_from_files
detected Domain: manifest.open XIOC detected Domain: manifest.open
extracted_from_files
detected URL: https://react.dev/errors/ XIOC detected URL: https://react.dev/errors/
extracted_from_files
detected URL: https://github.com/wxt-dev/wxt/issues/371 XIOC detected URL: https://github.com/wxt-dev/wxt/issues/371
extracted_from_files
detected URL: https://wxt.dev/guide/go-further/testing.html XIOC detected URL: https://wxt.dev/guide/go-further/testing.html
extracted_from_files
detected Domain: signin.aws.amazon.com XIOC detected Domain: signin.aws.amazon.com
extracted_from_files
detected Domain: console.aws.amazon.com XIOC detected Domain: console.aws.amazon.com
extracted_from_files
detected Domain: t.colorsettings.map XIOC detected Domain: t.colorsettings.map
extracted_from_files
detected Domain: c.issues.map XIOC detected Domain: c.issues.map
extracted_from_files
detected Domain: la.call XIOC detected Domain: la.call
extracted_from_files
detected Domain: a.map XIOC detected Domain: a.map
extracted_from_files
detected Domain: e.storage XIOC detected Domain: e.storage
extracted_from_files
detected Domain: e.email XIOC detected Domain: e.email
extracted_from_files
detected Domain: e.date XIOC detected Domain: e.date
extracted_from_files
detected Domain: e.gt XIOC detected Domain: e.gt
extracted_from_files
detected Domain: e.lt XIOC detected Domain: e.lt
extracted_from_files
detected Domain: e.int XIOC detected Domain: e.int
extracted_from_files
detected Domain: e.safe XIOC detected Domain: e.safe
extracted_from_files
detected Domain: e.in XIOC detected Domain: e.in
extracted_from_files
detected Domain: t.name XIOC detected Domain: t.name
extracted_from_files
detected Domain: r.rest XIOC detected Domain: r.rest
extracted_from_files
detected Domain: i.properties XIOC detected Domain: i.properties
extracted_from_files
detected Domain: a.target XIOC detected Domain: a.target
extracted_from_files
detected Domain: e.next XIOC detected Domain: e.next
extracted_from_files
detected Domain: i.options.map XIOC detected Domain: i.options.map
extracted_from_files
detected Domain: i.in XIOC detected Domain: i.in
extracted_from_files
detected Domain: e.issues.map XIOC detected Domain: e.issues.map
extracted_from_files
detected Domain: t.options.map XIOC detected Domain: t.options.map
extracted_from_files
detected Domain: o.data XIOC detected Domain: o.data
extracted_from_files
detected Domain: e.constructor.name XIOC detected Domain: e.constructor.name
extracted_from_files
detected Domain: r.issues.map XIOC detected Domain: r.issues.map
extracted_from_files
detected Domain: t.in XIOC detected Domain: t.in
extracted_from_files
detected Domain: n.id XIOC detected Domain: n.id
extracted_from_files
detected Domain: i.errors.map XIOC detected Domain: i.errors.map
extracted_from_files
detected Domain: zod.run XIOC detected Domain: zod.run
extracted_from_files
detected Domain: o.issues.map XIOC detected Domain: o.issues.map
extracted_from_files
detected Domain: a.issues.map XIOC detected Domain: a.issues.map
extracted_from_files
detected Domain: n.data XIOC detected Domain: n.data
extracted_from_files
detected Domain: c.run XIOC detected Domain: c.run
extracted_from_files
detected Domain: issues.map XIOC detected Domain: issues.map
extracted_from_files
detected Domain: e.map XIOC detected Domain: e.map
extracted_from_files
detected Domain: t.map XIOC detected Domain: t.map
extracted_from_files
detected Domain: n.map XIOC detected Domain: n.map
extracted_from_files
detected Domain: c.map XIOC detected Domain: c.map
extracted_from_files
detected Domain: browser.storage XIOC detected Domain: browser.storage
extracted_from_files
detected Domain: this.name XIOC detected Domain: this.name
extracted_from_files
detected Domain: object.prototype.hasownproperty.call XIOC detected Domain: object.prototype.hasownproperty.call
extracted_from_files
detected Domain: jf.call XIOC detected Domain: jf.call
extracted_from_files
detected Domain: this.next XIOC detected Domain: this.next
extracted_from_files
detected Domain: e.info XIOC detected Domain: e.info
extracted_from_files
detected Domain: globalthis.chrome XIOC detected Domain: globalthis.chrome
extracted_from_files
detected Domain: e.id-t.id XIOC detected Domain: e.id-t.id
extracted_from_files
detected Domain: t.io XIOC detected Domain: t.io
extracted_from_files
detected Domain: o.map XIOC detected Domain: o.map
extracted_from_files
detected Domain: ne.call XIOC detected Domain: ne.call
extracted_from_files
detected Domain: r.in XIOC detected Domain: r.in
extracted_from_files
detected Domain: t.call XIOC detected Domain: t.call
extracted_from_files
detected Domain: r.data XIOC detected Domain: r.data
extracted_from_files
detected Domain: i.name XIOC detected Domain: i.name
extracted_from_files
detected Domain: n.media XIOC detected Domain: n.media
extracted_from_files
detected Domain: r.media XIOC detected Domain: r.media
extracted_from_files
detected Domain: l.memoizedprops.style XIOC detected Domain: l.memoizedprops.style
extracted_from_files
detected Domain: a.id XIOC detected Domain: a.id
extracted_from_files
detected Domain: b.top XIOC detected Domain: b.top
extracted_from_files
detected Domain: qu.next XIOC detected Domain: qu.next
extracted_from_files
detected Domain: e.id XIOC detected Domain: e.id
extracted_from_files
detected Domain: c.target XIOC detected Domain: c.target
extracted_from_files
detected Domain: d.target XIOC detected Domain: d.target
extracted_from_files
detected Domain: i.data XIOC detected Domain: i.data
extracted_from_files
detected Domain: t.events XIOC detected Domain: t.events
extracted_from_files
detected Domain: n.compare XIOC detected Domain: n.compare
extracted_from_files
detected Domain: r.is XIOC detected Domain: r.is
extracted_from_files
detected Domain: e.events XIOC detected Domain: e.events
extracted_from_files
detected Domain: n.property XIOC detected Domain: n.property
extracted_from_files
detected Domain: o.style XIOC detected Domain: o.style
extracted_from_files
detected Domain: p.next XIOC detected Domain: p.next
extracted_from_files
detected Domain: z.next XIOC detected Domain: z.next
extracted_from_files
detected Domain: o.events XIOC detected Domain: o.events
extracted_from_files
detected Domain: go.next XIOC detected Domain: go.next
extracted_from_files
detected Domain: r.data.map XIOC detected Domain: r.data.map
extracted_from_files
detected Domain: l.next XIOC detected Domain: l.next
extracted_from_files
detected Domain: r.next XIOC detected Domain: r.next
extracted_from_files
detected Domain: l.call XIOC detected Domain: l.call
extracted_from_files
detected Domain: t.media XIOC detected Domain: t.media
extracted_from_files
detected Domain: e.name XIOC detected Domain: e.name
extracted_from_files
detected Domain: y.data XIOC detected Domain: y.data
extracted_from_files
detected Domain: s.next XIOC detected Domain: s.next
extracted_from_files
detected Domain: u.next XIOC detected Domain: u.next
extracted_from_files
detected Domain: u.call XIOC detected Domain: u.call
extracted_from_files
detected Domain: a.call XIOC detected Domain: a.call
extracted_from_files
detected Domain: json-schema.org XIOC detected Domain: json-schema.org
extracted_from_files
detected Domain: t.id XIOC detected Domain: t.id
extracted_from_files
detected Domain: r.name XIOC detected Domain: r.name
extracted_from_files
detected Domain: c.next XIOC detected Domain: c.next
extracted_from_files
detected Domain: qi.next XIOC detected Domain: qi.next
extracted_from_files
detected Domain: object.prototype.tostring.call XIOC detected Domain: object.prototype.tostring.call
extracted_from_files
detected Domain: a.name XIOC detected Domain: a.name
extracted_from_files
detected Domain: this.target XIOC detected Domain: this.target
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: e.data XIOC detected Domain: e.data
extracted_from_files
detected Domain: t.data XIOC detected Domain: t.data
extracted_from_files
detected Domain: object.is XIOC detected Domain: object.is
extracted_from_files
detected Domain: t.target XIOC detected Domain: t.target
extracted_from_files
detected Domain: n.call XIOC detected Domain: n.call
extracted_from_files
detected Domain: e.call XIOC detected Domain: e.call
extracted_from_files
detected Domain: je.call XIOC detected Domain: je.call
extracted_from_files
detected Domain: i.call XIOC detected Domain: i.call
extracted_from_files
detected Domain: e.style XIOC detected Domain: e.style
extracted_from_files
detected Domain: e.target XIOC detected Domain: e.target
extracted_from_files
detected Domain: n.name XIOC detected Domain: n.name
extracted_from_files
detected Domain: performance.now XIOC detected Domain: performance.now
extracted_from_files
detected Domain: a.now XIOC detected Domain: a.now
extracted_from_files
detected Domain: o.now XIOC detected Domain: o.now
extracted_from_files
detected Domain: t.as XIOC detected Domain: t.as
extracted_from_files
detected Domain: t.next XIOC detected Domain: t.next
extracted_from_files
detected Domain: a.next XIOC detected Domain: a.next
extracted_from_files
detected Domain: e.watch XIOC detected Domain: e.watch
extracted_from_files
AI Security Report
AI Security Review
Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-23. The review verdict is likely false positive with 75% confidence.
Recommended action: no action.
Risk context: MEDIUM risk, score 64/100.
Evidence context: threat category none; evidence quality weak.
Security Analysis: AWS management console colorize
Overview
This extension provides color customization functionality for the AWS management console interface. The extension is published by a developer using a personal email address ([email protected]) and has accumulated 11 users on the Chrome Web Store.
Finding Analysis
Critical Observation: Zero Findings Detected
The security analysis produced an empty findings bucket (findings_by_category: {}). This is a significant observation that requires careful interpretation:
- No IoC Findings: The extension contains no suspicious domains, IP addresses, or network endpoints that would indicate data exfiltration, command-and-control communication, or third-party service dependencies.
- No Code-Smell Findings: No YARA rules triggered for obfuscation, credential access, eval usage, or other suspicious code patterns.
- No Malware Signatures: No known malware families or malicious payloads were detected in any scanned files.
- No Obfuscation Indicators: No invisible Unicode characters, string encoding, or code minification patterns were flagged.
Extension Legitimacy Assessment
The extension's declared purpose—"change and add colors in the AWS management console"—is a legitimate utility function. AWS console customization extensions are a known category of productivity tools that help administrators visually distinguish resources, services, or status indicators. This functionality does not inherently require elevated permissions or access to sensitive data.
The developer attribution ([email protected]) is a personal Gmail address rather than a corporate domain. While this is less trustworthy than a verified organization, it is not uncommon for individual developers creating niche utility extensions. The low user count (11 users) suggests this is either a new extension or a highly specialized tool with limited adoption.
Counterargument Analysis
Strongest Counterargument: The complete absence of findings could indicate an analysis pipeline failure rather than a genuinely clean extension. Security scanners typically produce at least some findings for non-trivial JavaScript extensions, even benign ones.
Why This Counterargument is Insufficient: While analysis failures are possible, the evidence bundle shows successful metadata extraction (developer name, user count, version, store, description). The version number (0.3.12) indicates iterative development history, suggesting the extension has been maintained. If the analysis had truly failed, we would expect incomplete_data indicators such as 0 files scanned or version='unknown'. The empty findings bucket, combined with successful metadata collection, more likely indicates a genuinely clean codebase rather than a pipeline failure.
Conclusion
This extension presents no detectable security concerns. The zero-findings result, combined with a legitimate declared purpose and no suspicious behavioral indicators, supports a benign classification. The personal developer email and low user count warrant standard caution when installing, but do not constitute security risks themselves.
Key Reasons
- Zero security findings across all categories (IoCs, code-smell, malware, obfuscation)
- Legitimate declared purpose: AWS console color customization utility
- No suspicious domains or network endpoints detected
- No obfuscation or malware signatures present
False Positive Considerations
- Empty findings bucket likely indicates clean codebase rather than analysis failure
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng
[email protected]
SVG to AVIF Converter [ShiftShift]
[email protected]
ChromeCompare
[email protected]
CAI Tools
[email protected]
Auto Gmail - ChatGPT AI for email inbox
[email protected]
EC Seller Tools
[email protected]