Is "BURKA Privacy Shield" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 82% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 62/100.
Evidence context: threat category none; evidence quality moderate.

The BURKA Privacy Shield extension demonstrates clear false positive patterns in its CVEQ findings. The extension's stated purpose is to "mask sensitive data before sending to AI platforms," which directly explains the presence of legitimate AI platform URLs in the IoC findings.

The IoC findings reveal a pattern of extraction errors rather than malicious behavior. The finding XIOC-DOMAIN-msg.content.map is not a domain—it is JavaScript property access (msg.content.map) being misread by the XIOC extractor as a domain. Similarly, XIOC-DOMAIN-parsed.contents.map, XIOC-DOMAIN-item.parts, and XIOC-DOMAIN-item.parts.map are all JavaScript method chains from the extension's content masking logic, not network destinations. The finding XIOC-DOMAIN-xmlhttprequest.prototype.open is a JavaScript API reference, not a domain. These are documented false positive patterns in the CVEQ IoC extractor.

The legitimate URLs detected—https://chat.openai.com/*, https://*.claude.ai/*, meta.ai, and https://*.x.com/*—are consistent with the extension's stated functionality. A privacy extension that masks data before AI platform interactions must interact with these platforms. These are not suspicious domains; they are the exact platforms the extension is designed to protect users on.

The findings summary shows zero malware signatures, zero obfuscation findings, and only 2 network findings. The 21 code-smell findings are classified as low severity and represent generic JavaScript patterns (per the CVEQ false positive documentation, these are noise and should not drive verdicts). The absence of malware signatures and obfuscation is a strong indicator of benign intent.

The strongest counterargument would be that the extension accesses AI platform URLs and could exfiltrate user data. However, this ignores the extension's explicit purpose: it masks sensitive data before sending to AI platforms. Accessing these platforms is necessary for its function. There is no evidence of data exfiltration to unknown or suspicious domains—all detected URLs are legitimate AI and social media platforms. The developer uses a Gmail address ([email protected]), which is common for privacy-focused independent developers, and the low user count (8) is typical for niche privacy tools rather than an indicator of malicious intent.

This extension should be classified as a false positive from the automated detection system.

Key Reasons

• IoC findings are JavaScript property access chains misread as domains (msg.content.map, item.parts, xmlhttprequest.prototype.open)
• Legitimate AI platform URLs (chat.openai.com, claude.ai, meta.ai) match extension's stated privacy masking purpose
• Zero malware signatures and zero obfuscation findings
• Code-smell findings are low-severity noise per CVEQ documentation

False Positive Considerations

• JavaScript property access chains misread as domains by XIOC extractor
• Legitimate platform URLs matching extension functionality
• Code-smell findings classified as low severity noise