Is "DynaTools" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-28. The review verdict is likely false positive with 75% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 44/100.
Evidence context: threat category none; evidence quality moderate.

DynaTools is a Chrome extension designed for Dynamics 365 Finance & Operations productivity, providing table browser, class runner, screenshot, language switch, and environment badge functionality. The extension has 3 total findings, all categorized as medium-severity network detections in src/popup/popup.js.

The network findings consist of two Socket.IO calls (lines 37 and 40) and one fetch call (line 1) in the popup script. These are standard web technologies used for real-time communication and HTTP requests. For a Dynamics 365 productivity extension, network calls to communicate with Dynamics 365 APIs or a companion service are expected and necessary behavior. The findings do not identify any specific domains being contacted, and the findings summary shows 0 IoCs, meaning no suspicious domains were extracted from the code.

Critically, the extension has zero malware signatures, zero obfuscation findings, and zero code-smell detections. The absence of malware signatures is the strongest indicator of benign behavior. There is no evidence of credential theft (no access to sensitive domains), browser hijacking (no custom search engines or new tab manipulation), or data exfiltration (no external domain transmission of sensitive data). The extension's functionality aligns with its stated purpose.

The developer is listed as an email address ([email protected]) rather than a verified company name, and user count is only 1. While these factors introduce some uncertainty about publisher reputation and adoption, they do not constitute evidence of malicious behavior. Anonymous publishers exist for legitimate niche tools, and the low user count is consistent with a specialized Dynamics 365 productivity tool.

Counterargument: A skeptic might argue that the anonymous publisher and Socket.IO network calls could indicate a backdoor or data collection mechanism. However, Socket.IO is a legitimate, widely-used library for real-time bidirectional communication, and without evidence of suspicious domains in the IoC findings or malware signatures, there is no basis to claim malicious intent. The findings represent normal extension architecture, not security threats. If the extension were malicious, we would expect to see suspicious domains in IoC findings, obfuscation to hide malicious code, or malware signatures from YARA rules. None of these are present.

The CVEQ system is flagging standard web technologies as findings when they represent legitimate extension behavior. This is a false positive driven by the detection system's sensitivity to network calls rather than actual malicious indicators.

Key Reasons

• Zero malware signatures detected
• Zero obfuscation findings
• Zero suspicious IoCs (domains) identified
• Network activity (Socket.IO, fetch) matches stated Dynamics 365 productivity functionality
• No credential theft or browser hijacking indicators

False Positive Considerations

• Network findings are standard web technologies (Socket.IO, fetch) required for extension functionality
• No actual suspicious domains extracted in IoC analysis
• Low finding count (3) driven by legitimate network operations, not malicious code