Is "Premium Sender Plus" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-05-11. The review verdict is likely false positive with 75% confidence.

Recommended action: no action.
Risk context: MEDIUM risk, score 53/100.
Evidence context: threat category none; evidence quality moderate.

Premium Sender Plus presents a relatively clean security profile despite triggering four medium-severity findings. The extension declares the sensitive 'tabs' permission in manifest.json, which allows reading browser tab data. This permission is necessary for a message-sending extension to access page content but warrants scrutiny given the developer's anonymity.

The three network findings in background.min.js:20, content.js:120, and content.js:24 detect generic fetch() calls without identifying specific destination domains. Critically, the findings_summary shows zero IoC matches, meaning no suspicious domains were extracted from these network calls. The absence of malware-signature findings (0 matches) is significant—no known malware families triggered. Similarly, obfuscation findings are absent (0 matches), indicating readable code without steganographic techniques or payload hiding.

The developer attribution is an email address ([email protected]) rather than a company name, which reduces transparency but is not inherently malicious. With 80,000 users, the extension has achieved meaningful adoption, though user count alone neither confirms safety nor danger.

Counterargument: A skeptic might argue that the combination of tabs permission, network activity, and anonymous developer creates sufficient risk for a higher threat classification. However, the evidence does not support this. The network findings lack specific domain destinations—they detect fetch() calls, not data exfiltration to suspicious servers. Zero IoC findings mean no known malicious or suspicious domains were identified in the code. No malware signatures triggered despite the presence of network and permission-related code. The code-smell category shows zero matches, meaning no credential access patterns, eval() usage, or other suspicious code structures were detected. Without evidence of what data is transmitted or where, elevated permissions alone do not constitute malicious behavior.

The verdict of likely_false_positive reflects that the finding volume is driven by legitimate extension functionality (tabs permission for messaging, fetch calls for backend communication) rather than malicious intent. The clean malware and obfuscation scores are the strongest indicators that automated detection inflated the risk assessment without identifying actual threats.

Key Reasons

• Zero malware signatures detected despite network and permission findings
• Zero obfuscation findings—code is readable without steganographic techniques
• Zero IoC findings—no suspicious domains extracted from network calls
• Tabs permission is sensitive but functionally necessary for message-sending extensions
• Generic fetch() detections lack specific destination domain information

False Positive Considerations

• Network findings detect generic fetch() calls without malicious destinations
• Manifest permission findings flag sensitive but legitimate tabs access
• Zero IoC matches indicate no suspicious domains in network activity