Is "OmniXEP Wallet" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-28. The review verdict is likely false positive with 85% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 44/100.
Evidence context: threat category none; evidence quality moderate.

Security Analysis: OmniXEP Wallet

This extension presents 16 medium-severity network findings, all of which are false positives generated by the CVEQ platform's detection of standard Flutter framework code. The findings summary explicitly shows 0 malware signatures, 0 obfuscation findings, 0 IoC findings, and 0 code-smell findings. The only detections are generic network calls in Flutter compilation artifacts.

Network Findings Are Flutter Framework Artifacts

All 16 network findings originate from files that are unmistakably Flutter web compilation outputs:

• main.dart.js contains 3 fetch findings (lines 881, 24866, 40321) and 1 socket_io finding (line 24866). This file is the compiled Dart application output—every Flutter web application produces this file.
• canvaskit/skwasm.js contains 2 fetch findings (lines 10, 14). CanvasKit is Flutter's WebAssembly rendering engine for graphics.
• flutter.js and flutter_bootstrap.js each contain 2 fetch findings. These are Flutter's standard bootstrap and runtime files.
• canvaskit/chromium/canvaskit.js and canvaskit/canvaskit.js each contain 2 fetch findings. These are CanvasKit's Chromium-specific rendering libraries.

These files are not custom malicious code. They are the standard output of the Flutter web compilation pipeline. The fetch and socket_io calls detected are generic framework operations required for any web application to load resources and communicate with servers. The findings do not specify suspicious destination domains—they are flagged solely because they contain network call patterns.

No Evidence of Malicious Behavior

The findings summary shows:

• 0 malware signatures: No YARA rules detected known malware families
• 0 obfuscation: No code obfuscation techniques present
• 0 IoC findings: No suspicious domains, IPs, or URLs extracted
• 0 code-smell: No suspicious patterns like eval, credential access, or injection

The extension's stated purpose as a "Secure Electra Protocol wallet for XEP and OmniXEP tokens and NFTs" is consistent with the code structure. Crypto wallets legitimately require network access to query blockchain data, fetch token balances, and interact with APIs.

Counterargument: Low User Count and Anonymous Email

A skeptic might argue that the 50-user count and email-only developer attribution ([email protected]) warrant suspicion. However, user count alone does not indicate malicious intent—new or niche extensions naturally have fewer users. The developer email is traceable to a domain (electraprotocol.com), which is better than completely anonymous attribution. More importantly, the actual code evidence shows no malicious behavior. The network findings are explainable by Flutter's standard compilation process, and the absence of malware signatures, obfuscation, or suspicious IoCs confirms this is a legitimate application.

Conclusion

The 16 network findings are false positives from Flutter framework detection. No malicious indicators are present in the code.

Key Reasons

• All 16 findings are Flutter framework files (main.dart.js, canvaskit/*, flutter_bootstrap.js)
• Zero malware signatures, obfuscation, or suspicious IoCs detected
• Network calls are generic fetch/socket_io without specific suspicious domains
• Extension purpose (crypto wallet) legitimately requires network access
• Developer email is traceable ([email protected])

False Positive Considerations

• Flutter framework compilation artifacts (main.dart.js, flutter.js, canvaskit/*)
• Generic fetch/socket_io calls flagged as network findings without suspicious destinations
• Zero malware signatures, obfuscation, or IoC findings present