Is Haddan Bot safe to use?

Haddan Bot has a security risk score of 0/100 (MINIMAL risk). Our security analysis detected 0 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of Haddan Bot?

Based on our automated security analysis, Haddan Bot presents minimal risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "Haddan Bot" on Chrome Web Store Safe to Install?

[email protected] · chrome · v2.40.1

Практически все действия в игре возможно настроить через расписание: - перемещение по локациям - выбор класса и фракции персонажа - прохождение леса и фарм полян - медитация в храме - копка в шахте - качь персонажа в лабе (играет с духами, лечит травмы самостоятельно через лтт и арты) - прохождение лаба по заданному пути (через сундуки с переодеванием комплектов) - качь на заслонах, в цу и на бездухах - фарм Флорентов (как инициатор, так и пассив) - уничтожение репоботов и автобой с драконами - создание/роспуск группы - фарм Кнопаха - фарм Алхимиков в Радиоактивном лесу а также: - автоматическое распознавание каптч - уведомление о капчах и разных проблемах в телеграм с возможностью ответить - авточар у кузнеца - автоварка элей в химке - игра с тараканами - детальная настройка боя на 100 раундов вперед - всплески, бодра, рунники - все в употреблении - улучшенный склад - улучшенный поиск по магазинам

Risk Assessment

Analyzed

out of 100

MINIMAL

0 security findings detected across all analyzers

Chrome extension requesting 6 permissions

No Threats Detected

This extension passed all security checks

About This Extension

No Findings

All security checks passed

AI Security Report

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-05-06. The review verdict is needs follow up with 65% confidence.

Recommended action: runtime analysis.
Risk context: MINIMAL risk, score 0/100.
Evidence context: threat category none; evidence quality weak.

The extension "Haddan Bot" claims to automate routine actions in the online game Haddan, as stated in its Russian description "Приложение для автоматизации рутинных действий в онлайн игре Haddan". The findings bundle shows 0 total findings across all categories including ioc, malware-signature, malware, network, obfuscation, and code-smell. This complete absence of findings is unusual for an extension that claims to perform game automation, which typically requires manifest permissions, DOM manipulation, and network requests that would trigger at least some detection rules.

The developer attribution is limited to an anonymous email address "[email protected]" with no company name or verified publisher identity. This anonymous attribution pattern is a known risk factor for potentially unwanted programs. The extension has 434 users, indicating limited adoption but not necessarily malicious intent.

Game automation bots occupy a gray area in browser extension security. They can be legitimate tools for players to improve their gaming experience, or they can be Potentially Unwanted Programs (PUPs) that violate game terms of service, or they can contain hidden functionality for credential harvesting or data exfiltration. Without any code findings to analyze, the actual behavior cannot be determined from static analysis alone.

The strongest counterargument to the needs_follow_up verdict would be that zero findings indicates a clean, safe extension. However, legitimate game automation software typically contains manifest files with host permissions, JavaScript code for DOM manipulation, and network request handlers - all of which would generate at least some findings in the code-smell or manifest-analysis categories. The complete absence of findings suggests either an extremely minimal implementation that cannot actually perform automation, or that the analysis may not have fully scanned the extension's codebase.

Given the suspicious category (game automation), anonymous developer, and unusual finding profile, runtime analysis is recommended to observe actual extension behavior when installed. This would reveal whether the extension makes network requests, accesses game credentials, or performs the claimed automation functions.

Key Reasons

Zero findings across all categories is unusual for functional automation software
Anonymous developer attribution (email only, no company name)
Game automation bots are inherently suspicious category that may violate TOS
No code evidence to determine if extension performs claimed automation

Source Code Viewer