Is "TAG Site Request" on Chrome Web Store Safe to Install?
TAG Site Request allows TAG Chromebook users to easily request access to blocked websites. When a website is blocked by your Chromebook's whitelist policy, this extension lets you: • Request access to the blocked site with one click • Add a reason for why you need the site (optional) • Track the status of your requests (pending, approved, denied) How it works: 2. The blocked URL is automatically filled in 3. Click "Request Access" to submit 4. Your TAG technician will review and approve or deny the request 5. Once approved, the site becomes available on your Chromebook This extension is managed by TAG (Technology Awareness Group) for use on TAG-managed Chromebooks only. For support, contact your local TAG branch office.
Risk Assessment
Analyzed20 security findings detected across all analyzers
Chrome extension requesting 4 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
5 rules(6 hits)Requested Permissions
4 permissionsAccess your identity and sign-in tokens
About This Extension
Detailed Findings
9 totalYARA Rule Matches
5 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 11
detected IP: ::e XIOC detected IP: ::e
extracted_from_files
detected URL: https://admin.tag.org/api/chromebook/url-request'; XIOC detected URL: https://admin.tag.org/api/chromebook/url-request';
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: https://admin.tag.org/* XIOC detected URL: https://admin.tag.org/*
extracted_from_files
detected Domain: admin.tag.org XIOC detected Domain: admin.tag.org
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: data.name XIOC detected Domain: data.name
extracted_from_files
detected Domain: tag.org XIOC detected Domain: tag.org
extracted_from_files
detected Domain: info.name XIOC detected Domain: info.name
extracted_from_files
detected Domain: info.email XIOC detected Domain: info.email
extracted_from_files
detected Domain: requests.map XIOC detected Domain: requests.map
extracted_from_files
AI Security Report
AI Security Review
Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 85% confidence.
Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 61/100.
Evidence context: threat category none; evidence quality moderate.
This extension, "TAG Site Request," is designed for Chromebook users to request access to blocked websites through the TAG organization's administrative system. The evidence shows no malicious behavior, and all findings are explainable as false positives.
The IoC findings are dominated by known false positive patterns. The IP ::e in XIOC-IP-::e is an IPv6 fragment extracted from minified JavaScript, not a real network address. Multiple "domains" like date.now, data.name, info.name, info.email, and requests.map are property access chains that the XIOC extractor misidentifies as domains—this is documented noise per the CVEQ guidelines. The legitimate Google update endpoint https://clients2.google.com/service/update2/crx is expected infrastructure.
The only meaningful network finding is background.js:54 which triggers NET-FETCH-background.js-54, indicating a basic fetch call. This is consistent with the extension's stated purpose of submitting website access requests to admin.tag.org/api/chromebook/url-request. The domains admin.tag.org and tag.org align with the extension's description for TAG Chromebook management and are not suspicious third-party domains.
There are zero malware signatures, zero obfuscation findings, and zero credential theft indicators. The 6 code-smell findings are low-severity noise that match basic JavaScript patterns and should not drive verdicts per the guidelines.
Counterargument: A skeptic might argue the anonymous developer (personal Gmail address) with zero users is suspicious. However, this extension appears to be an internal tool for TAG Chromebook users, which explains the lack of public user count. The extension's functionality directly matches its description—requesting website access through an organizational API—which is a legitimate use case for school/enterprise Chromebook management. Without malware signatures, obfuscation, or actual suspicious third-party domains, the anonymous publisher alone does not constitute evidence of malicious intent.
Key Reasons
- All IoC findings are known false positive patterns (IPv6 fragments, property access chains)
- Zero malware signatures and zero obfuscation findings
- Network activity matches stated extension purpose (admin.tag.org API)
- No credential theft, browser hijacking, or typosquatting indicators
False Positive Considerations
- IPv6 fragment ::e from minified JS
- Property access chains misread as domains (date.now, data.name, info.email)
- Legitimate Google infrastructure domain (clients2.google.com)
- Organizational API domains matching extension purpose (admin.tag.org)
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
TAG Filter Check
[email protected]
Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng
[email protected]
Auto Gmail - ChatGPT AI for email inbox
[email protected]
Dodl Notes: Teacher Anecdotal Notes
[email protected]
Research Notes
[email protected]
SVG to AVIF Converter [ShiftShift]
[email protected]