Is "RecipePure" on Chrome Web Store Safe to Install?

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 85% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 61/100.
Evidence context: threat category none; evidence quality moderate.

RecipePure is a recipe extraction extension with 31 total findings that are entirely explainable by documented false-positive patterns. The 20 IoC findings consist exclusively of known noise sources: XIOC-IP-9:: is an IPv6 fragment (hex substring from minified JS, not a real IP), XIOC-DOMAIN-settings-panel.open, XIOC-DOMAIN-tab.id, XIOC-DOMAIN-recipe.instructions.map, XIOC-DOMAIN-texts.map, XIOC-DOMAIN-btn.id, XIOC-DOMAIN-overlay.id, and XIOC-DOMAIN-this.hostelement.id are all property access chains incorrectly parsed as domains by the XIOC extractor. The remaining IoCs reference legitimate Google services: https://translate.googleapis.com/translate_a/single and https://clients2.google.com/service/update2/crx are standard Google Translate API and Chrome extension update endpoints.

The 2 network findings include NET-FETCH-content.js-375, which simply indicates a fetch call exists in content.js at line 375 — this is expected behavior for an extension that extracts content from web pages. The 9 code-smell findings are classified as low-severity and match the known noise profile described in CVEQ's false-positive documentation (basic Node.js patterns, code-quality rules).

Critically, there are zero malware signatures, zero obfuscation findings, and no suspicious domains that fall outside Google infrastructure or known FP patterns. The extension's stated purpose (recipe extraction from cooking blogs) aligns with its network behavior (Google Translate API for potential language handling, standard fetch operations).

The strongest counterargument is the anonymous developer ([email protected]) and zero user count, which could indicate a throwaway malicious extension. However, anonymous publishers alone do not constitute evidence of malice, and the complete absence of malware signatures, obfuscation, or suspicious network destinations means there is no behavioral evidence supporting malicious intent. The findings are entirely consistent with a benign, possibly new or niche, recipe extraction tool.

Key Reasons

• All IoC findings are known false-positive patterns (IPv6 fragments, property access chains, Google domains)
• Zero malware signatures detected
• Zero obfuscation findings
• Network activity limited to legitimate Google APIs and standard fetch operations
• Extension behavior matches stated recipe extraction purpose

False Positive Considerations

• XIOC property access chain misclassification
• IPv6 fragment detection in minified JS
• Google API endpoint false positives
• Code-smell rule noise