Is Collaborator Link Assistant safe to use?

Collaborator Link Assistant has a security risk score of 53.37/100 (MEDIUM risk). Our security analysis detected 8 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of Collaborator Link Assistant?

Based on our automated security analysis, Collaborator Link Assistant presents medium risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "Collaborator Link Assistant" on Chrome Web Store Safe to Install?

[email protected] · chrome · v2.0

Instantly find your backlinks on websites along with their attributes and indexing data, and check placement costs on sites available in the Collaborator catalog using Link Assistant. This convenient Chrome extension for link builders helps save significant time when planning link-building campaigns and monitoring already posted links. 📌 Key Features 1. Monitoring Links for Your Domains (Link Tracker) ✦ Automatic detection of your backlinks when visiting websites. ✦ List of found links with their attributes (dofollow, nofollow, sponsored). ✦ Quick scroll to the specified link. ✦ Page indexing check: Google indexing, canonical tag, meta-robots, robots.txt, x-robots-tag. ✦ Export link lists to clipboard or Google Sheets. ✦ Domain-based exclusion settings. ✦ Reports on the number and type of detected links: daily, weekly, monthly, yearly. 2. Checking Placement Price via the Collaborator Marketplace (Price Checker) While analyzing search results by keywords or competitors’ referring domains in Ahrefs, instantly see placement costs on sites available in the Collaborator catalog. 📌 Additional Functionality Add sites to your favorites list and manage them easily for further work. 📌 Why Choose Collaborator Link Assistant ✦ Time-saving: no more spending hours manually checking links. ✦ Full control: instant information about links, their attributes, and indexing. ✦ Easy organization: exporting data to Google Sheets makes your workflow smooth and transparent. ✦ Suitable for any level: ideal for solo specialists or teams.

Risk Assessment

Analyzed

53.37

out of 100

MEDIUM

8 security findings detected across all analyzers

Chrome extension requesting 4 permissions

Severity Breakdown

Critical

High

Medium

Low

Info

Finding Categories

Network

Requested Permissions

4 permissions

tabs

Medium

storage

Low

clipboardWrite

Low

alarms

Low

About This Extension

Detailed Findings

8 total

AI Security Report

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 85% confidence.

Recommended action: suppress false positive.
Risk context: HIGH risk, score 77/100.
Evidence context: threat category none; evidence quality moderate.

The Collaborator Link Assistant extension demonstrates a clear false-positive pattern across all detection categories. The 55 IoC findings consist entirely of benign artifacts: property access chains misidentified as domains (XIOC-DOMAIN-msg.id, XIOC-DOMAIN-chrome.runtime.id, XIOC-DOMAIN-tab.id, XIOC-DOMAIN-json.map), IPv6 fragment garbage (XIOC-IP-e::), and legitimate infrastructure domains (https://google.com/*, https://script.google.com/macros/s/). The single extension-owned domain (https://collaborator.pro/ua/api/public/racoon/lookup) aligns with the developer email [email protected] and the stated functionality as a link tracker and marketplace checker.

Network findings in background.js:194 and content.js:346 show standard fetch() calls, which is expected behavior for an extension that tracks links and checks marketplaces. No credential access, no browser hijacking indicators, and no data exfiltration patterns appear in the evidence.

The 45 code-smell findings are classified as low severity and match known false-positive patterns including postinstall rules and credential reference patterns that fire on basic JavaScript. Zero malware signatures and zero obfuscation findings eliminate the possibility of malicious payloads.

Counterargument: A skeptic might cite the 108 total findings and 55 IoCs as evidence of suspicious behavior. However, CVEQ's IoC extractor is documented to produce massive false-positive volumes from property access chains and minified code. The finding COUNT is meaningless; the NATURE of these findings reveals no malicious intent. Every IoC is either a Chrome API property (tab.id, chrome.runtime.id), source map reference (json.map), IPv6 hex fragment (e::), Google infrastructure, or the extension's own service domain. No suspicious third-party domains appear in the evidence. The extension's description matches its actual behavior, the developer email matches the service domain, and the absence of malware signatures or obfuscation confirms this is benign functionality flagged by noisy automated detection.

The recommended action is to suppress these false positives. The extension serves a legitimate purpose with no evidence of malicious behavior.

Key Reasons

Zero malware signatures detected
All IoCs are property chains or legitimate domains
No obfuscation findings
Developer email matches service domain
Network calls align with stated functionality

False Positive Considerations

IoC property access chains (msg.id, tab.id, chrome.runtime.id)
IPv6 fragment garbage (e::)
Code-smell findings on basic JavaScript patterns
Google infrastructure domains (script.google.com, google.com)

Source Code Viewer

Source Code Not Available

Source code is not available for this version of the extension.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng

[email protected]

CRITICAL 20K users

SVG to AVIF Converter [ShiftShift]

[email protected]

CRITICAL 4 users

ChromeCompare

[email protected]

CRITICAL 16 users

CAI Tools

[email protected]

CRITICAL 40K users

Auto Gmail - ChatGPT AI for email inbox

[email protected]

CRITICAL 1K users

EC Seller Tools

[email protected]

CRITICAL 1K users

Is "Collaborator Link Assistant" on Chrome Web Store Safe to Install?

Risk Assessment

Severity Breakdown

Finding Categories

Requested Permissions

About This Extension

Detailed Findings

NET-FETCH-background.js-243

NET-FETCH-js/domains.js-25

MANIFEST-SENSITIVE-PERM-TABS

NET-FETCH-js/inc.js-8

NET-FETCH-background.js-194

NET-FETCH-content.js-346

NET-FETCH-content.js-365

NET-FETCH-js/domains.js-24

AI Security Report

AI Security Review

Key Reasons

False Positive Considerations

Frequently Asked Questions

Similar Extensions

Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng

SVG to AVIF Converter [ShiftShift]

ChromeCompare

CAI Tools

Auto Gmail - ChatGPT AI for email inbox

EC Seller Tools