Is "Asunto-Osake Tulkki" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 75% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 53/100.
Evidence context: threat category none; evidence quality moderate.

Extension Overview

Asunto-Osake Tulkki (version 1.0.2) is a Finnish real estate analysis extension that claims to analyze listings on Oikotie.fi and Etuovi.com. The extension declares the 'tabs' permission in manifest.json, which is functionally appropriate for a tool that inspects web pages.

Findings Analysis

The evidence bundle contains 9 findings, all medium severity. The manifest-analysis finding (MANIFEST-SENSITIVE-PERM-TABS in manifest.json) flags the tabs permission, which is legitimate for this extension's stated purpose of analyzing real estate listings on websites.

The 8 network findings are generic fetch and socket_io detections in bundled asset files: assets/index-jY4wIOEF.js and assets/index.html-BDCNzg0v.js. The hash-like suffixes (jY4wIOEF, BDCNzg0v) indicate these are webpack/bundled JavaScript outputs, not obfuscated code. Critically, these findings contain no specific domain IoCs—the findings summary shows "ioc":"0". The network findings are code-pattern detections, not evidence of connections to malicious domains.

Evidence Quality

The findings summary explicitly shows zero malware signatures ("malware-signature":"0"), zero obfuscation findings ("obfuscation":"0"), and zero code-smell detections ("code-smell":"0"). These absences are significant: real malicious extensions typically trigger at least one malware signature or obfuscation finding.

Counterargument

A skeptic could argue the zero user count and generic developer email ([email protected]) suggest an abandoned or suspicious project. However, user count alone is not a security indicator—new extensions legitimately have zero users. The developer email, while generic, is tied to a domain that matches the extension's Finnish real estate focus. These factors create uncertainty about the extension's quality or support status, but they do not constitute evidence of malicious behavior. Without malware signatures, suspicious domains, or obfuscation, the findings represent expected noise from static analysis of bundled JavaScript.

Conclusion

The findings are driven by known false-positive patterns: generic network pattern matching in bundled/minified files without specific malicious indicators. The tabs permission aligns with the extension's documented functionality. This is a likely false positive.

Key Reasons

• Zero malware signatures and zero obfuscation findings
• Network findings are generic pattern matches in bundled files without suspicious domains
• Tabs permission is appropriate for stated real estate analysis functionality
• No IoC detections (ioc count is 0 in findings summary)

False Positive Considerations

• Bundled/minified JavaScript files with hash suffixes triggering generic network pattern matches
• Zero malware signatures and zero obfuscation findings
• No specific suspicious domain IoCs detected (ioc count is 0)
• Generic fetch/socket_io detections without malicious domain targets