Is "Amaprice" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-29. The review verdict is likely false positive with 85% confidence.

Recommended action: no action.
Risk context: MEDIUM risk, score 44/100.
Evidence context: threat category none; evidence quality moderate.

The Amaprice extension presents eight network findings, all classified as NET-FETCH detections across two source files: src/background/background.js (lines 25, 172, 455, 480) and src/popup/popup.js (lines 24, 93, 376, 833). These findings represent generic detection of the JavaScript fetch() API, not evidence of malicious network activity. Critically, the findings summary shows zero malware signatures, zero IoC detections, zero obfuscation findings, and zero code-smell findings. The extension's stated purpose—comparing product prices across European Amazon sites—requires network requests to fetch price data from Amazon's regional sites (FR, DE, ES, IT, BE). The eight fetch calls detected in background.js and popup.js align with this legitimate functionality.

The developer attribution uses a personal Yahoo email address ([email protected]), which is a minor concern but not evidence of malicious intent. Many legitimate small extensions use personal email addresses rather than corporate domains. The user count of 19 indicates this is a niche extension with limited adoption, which explains the absence of security review from the Chrome Web Store team but does not indicate malicious behavior.

None of the network findings reference specific suspicious domains. The CVEQ network detection system flags fetch() API usage generically, but without IoC findings showing connections to known malicious domains, custom search engines, or data exfiltration endpoints, these detections lack evidentiary value. The absence of obfuscation findings is particularly significant—malicious extensions typically employ obfuscation to hide malicious payloads, and this extension shows none.

The strongest counterargument is that the anonymous developer and low user count warrant caution. A skeptic would argue that unknown publishers with minimal user validation could be distributing malware under the guise of legitimate functionality. However, this argument fails to account for the actual evidence: zero malware signatures, zero suspicious IoCs, and network behavior that matches the stated purpose. If this were a malicious extension, we would expect to see at least one of: obfuscation in the source code, connections to suspicious domains in IoC findings, or malware signatures from YARA rules. None of these are present. The findings are consistent with a legitimate price comparison tool making expected network requests to Amazon sites, not with credential theft, browser hijacking, or data exfiltration.

The verdict is likely_false_positive because the finding volume is driven entirely by generic fetch API detection without supporting evidence of malicious intent or behavior.

Key Reasons

• Zero malware signatures detected
• Zero suspicious IoC findings
• Network behavior consistent with stated price comparison purpose
• Zero obfuscation findings

False Positive Considerations

• Generic fetch API detection without specific domain analysis
• Network findings count inflated by legitimate functionality