Is "Zedra" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-28. The review verdict is likely false positive with 85% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 53/100.
Evidence context: threat category none; evidence quality moderate.

The Zedra extension is a web3 wallet for the Cedra blockchain with 65 users. Analysis of the 11 findings reveals no evidence of malicious behavior.

The single manifest finding, MANIFEST-SENSITIVE-PERM-TABS in manifest.json, declares the 'tabs' permission. For a web3 wallet extension, this permission is functionally necessary to interact with decentralized applications (dApps) and facilitate transaction signing. This is legitimate functionality, not a security risk.

All 10 network findings are generic NET-FETCH detections across files including public/transaction-request.js, transaction-request.js, assets/IconX-DlaoobY9.js, and assets/background.ts-aNt6ZCGr.js. These findings detect fetch() calls without extracting specific domains. Web3 wallets must communicate with blockchain nodes, RPC endpoints, and API services to send/receive assets and query transaction status. The absence of any extracted suspicious domains in the IoC category confirms these are legitimate network calls to expected infrastructure.

Critically, the findings_summary shows zero malware signatures, zero obfuscation findings, zero code-smell detections, and zero IoC domains. These are the high-confidence threat indicators that matter. The extension has no malware-family matches, no obfuscated payloads, and no suspicious external domains.

The developer email [email protected] aligns with the extension name, showing consistent branding. The low user count (65) is expected for a niche blockchain wallet targeting a specific ecosystem.

The strongest counterargument would be that 11 medium-severity findings warrant concern. However, the scoring system is known to inflate risk based on finding volume rather than finding nature. Every single finding here reflects expected web3 wallet behavior: tabs permission for dApp interaction and fetch calls for blockchain communication. No finding indicates credential theft, data exfiltration, browser hijacking, or malware delivery. The absence of any high-confidence threat indicators—malware signatures, obfuscation, suspicious domains, or impersonation—combined with the presence of legitimate functionality findings, confirms these are false positives from the detection system flagging normal extension operations.

Key Reasons

• No malware signatures detected in any scanned files
• No obfuscation findings despite scanning all code
• No suspicious domains extracted in IoC category
• Tabs permission is legitimate for web3 wallet functionality
• Network findings are generic fetch calls without suspicious destinations

False Positive Considerations

• Generic fetch() detection without domain extraction
• Legitimate tabs permission flagged as sensitive
• Finding volume inflation without malicious indicators