Is "CallBlitz" on Chrome Web Store Safe to Install?
CallBlitz is a real-time call coaching software that allows your remote sales team to coach, collaborate, and compete, just like you did in person. This extension works together with the main CallBlitz app to capture the audio of your prospect from your dialer and let your teammates listen to it. Run your call blitz/power hour like you did in the office. Coach Peer-to-peer, manager-to-rep. Listen in to live calls to give immediate actionable feedback. Collaborate One team, one Zoom. Gather your reps to drive energy, boost activity, and build culture. Compete May the best rep win. Facilitate competition with live scoreboards and built-in gamification. (coming soon) One team, one Zoom No more lonely sales reps. - Team-oriented gallery view to drive camaraderie and engagement. - Syncs with your dialer to automatically change audio groups, allowing multiple reps (connected or not) to engage with each other without interrupting live conversations. - Manager console to monitor reps and track key metrics, providing visibility into individual performance and team productivity. Interactive Call Pods Async call coaching is too little, too late. - Join live calls with one click to listen to the conversation and discuss live rep performance, with the option to join in "stealth" mode to avoid stage-fright. - Give feedback on the spot through direct and indirect methods with chat, voice, quick reaction buttons, or filling out integrated scorecards - Know who is on the phone by pulling in call context from your CRM. - Facilitate live peer-to-peer or manager-to-rep coaching sessions
Risk Assessment
Analyzed13 security findings detected across all analyzers
Chrome extension requesting 6 permissions
Severity Breakdown
Finding Categories
Requested Permissions
6 permissionsAccess and modify data on every website you visit
About This Extension
Detailed Findings
13 totalAI Security Report
AI Security Review
Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-28. The review verdict is likely false positive with 85% confidence.
Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 44/100.
Evidence context: threat category none; evidence quality strong.
CallBlitz Security Analysis
The CallBlitz extension (version 0.1.0.35) presents 13 network-related findings across six JavaScript files, all classified as medium severity with no malware signatures, obfuscation, or suspicious IoC detections. The extension is published by [email protected] with a description stating "Bring your sales floor back," suggesting sales transcription functionality.
All 13 findings are generic network operation detections. The NET-FETCH-js/background/logger.js-112 and NET-FETCH-js/background/logger.js-125 findings identify fetch calls in the background logger script. Similarly, NET-FETCH-js/shared/api.js-4, NET-FETCH-js/shared/api.js-17, NET-FETCH-js/shared/api.js-30, NET-FETCH-js/shared/api.js-43, NET-FETCH-js/shared/api.js-57, and NET-FETCH-js/shared/api.js-81 detect fetch operations in the shared API module. The NET-FETCH-js/shared/logger-client.js-309 finding identifies network calls in the logger client. WebSocket and socket.io connections are detected in NET-WEBSOCKET-js/content-script/transcriber.js-80, NET-SOCKET_IO-js/offscreen/socket-manager.js-89, and NET-SOCKET_IO-js/native-socket.js-14.
These network operations are standard behavior for any extension that communicates with a backend service. The file names themselves—transcriber.js, api.js, logger.js, socket-manager.js—align with legitimate sales transcription functionality rather than malicious activity. There are zero malware signatures, zero obfuscation findings, zero suspicious IoC detections, and zero code-smell findings in the entire evidence bundle.
The strongest counterargument would be that any extension making network calls could exfiltrate data. However, this extension has no obfuscation to hide malicious code, no suspicious domains in the IoC findings (there are zero IoC findings), and no malware signatures. The network calls are in clearly named files (api.js, logger.js, transcriber.js) that suggest legitimate functionality. Without specific evidence of suspicious domains, credential access patterns, or data exfiltration to unknown endpoints, these generic network findings represent normal extension behavior rather than security concerns.
The verdict is likely_false_positive because all findings are benign network operations expected in any extension with backend communication, there is no evidence of malicious intent or behavior, and the file structure and naming conventions align with legitimate sales transcription functionality.
Key Reasons
- All 13 findings are benign network operation detections
- Zero malware signatures, obfuscation, or suspicious IoCs
- File names indicate legitimate transcription functionality
- Developer attribution present ([email protected])
- No evidence of credential theft, hijacking, or exfiltration
False Positive Considerations
- Generic network findings on standard fetch/websocket calls
- Zero malware signatures in evidence bundle
- Zero obfuscation findings
- Zero suspicious IoC detections
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng
[email protected]
SVG to AVIF Converter [ShiftShift]
[email protected]
ChromeCompare
[email protected]
CAI Tools
[email protected]
Auto Gmail - ChatGPT AI for email inbox
[email protected]
EC Seller Tools
[email protected]