Is Sabrina Carpenter Dynamic Keywords safe to use?

Sabrina Carpenter Dynamic Keywords has a security risk score of 43.58/100 (MEDIUM risk). Our security analysis detected 2 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of Sabrina Carpenter Dynamic Keywords?

Based on our automated security analysis, Sabrina Carpenter Dynamic Keywords presents medium risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "Sabrina Carpenter Dynamic Keywords" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.0.6

Add a little Espresso to your daily browsing! ☕💋 This fan-made, beautifully animated extension turns your Chrome browser into a dedicated Sabrina Carpenter easter egg hunt. It sits completely invisibly in the background while you browse your favorite websites, work, or chat. How it works: Whenever you natively type the name of a Sabrina Carpenter song anywhere on your keyboard (like "Espresso", "Feather", or "Nonsense"), the extension instantly comes to life! Your screen will transform into a gorgeous glassmorphic overlay featuring: 🎶 A high-quality 30-second audio preview of the exact song you just typed. ✨ A stylish shower of floating kiss emojis. 📸 A perfectly matched, dynamic GIF of Sabrina reacting to your phrase! Always Up to Date: No need to wait for extension updates when she drops a new album! The extension dynamically syncs with the magical iTunes API in the background. Whenever Sabrina publishes a new song, the track name automatically becomes a secret trigger phrase on your browser within 24 hours. Install it now, keep typing normally, and wait for the surprises to hit! (Disclaimer: This is a fan-made extension for fun and is not affiliated with Sabrina Carpenter or Island Records. Permissions are strictly required only to monitor keystrokes locally in order to trigger the animations—no typing data is ever saved or transmitted).

Risk Assessment

Analyzed

43.58

out of 100

MEDIUM

2 security findings detected across all analyzers

Chrome extension requesting 4 permissions

Severity Breakdown

Critical

High

Medium

Low

Info

Finding Categories

Network

Requested Permissions

4 permissions

storage

Low

offscreen

Low

https://itunes.apple.com/*

Low

https://g.tenor.com/*

Low

About This Extension

Detailed Findings

2 total

AI Security Report

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 85% confidence.

Recommended action: no action.
Risk context: MEDIUM risk, score 44/100.
Evidence context: threat category none; evidence quality strong.

This extension demonstrates a clean security profile with only two medium-severity network findings, both benign in nature. The findings NET-FETCH-assets/index.html-DzEx_q9w.js-1 and NET-FETCH-assets/modulepreload-polyfill-wMinxHhO.js-1 represent standard fetch API calls to load bundled JavaScript assets. The hashed filenames (DzEx_q9w.js, wMinxHhO.js) are characteristic of webpack or similar bundler output, not obfuscation attempts.

The extension contains zero malware signatures, zero obfuscation findings, zero suspicious IoCs, and zero code-smell detections. The description "Trigger Sabrina winks and songs by typing keywords anywhere" aligns with a simple fan extension for the pop singer Sabrina Carpenter, with no behavioral mismatch between stated purpose and detected capabilities.

The strongest counterargument against this verdict is the use of a personal Gmail address ([email protected]) rather than a verified developer account, combined with only 12 users. However, this pattern is common for hobbyist fan extensions and does not constitute malicious intent. The extension's functionality is transparent, its code contains no suspicious patterns, and the network activity is limited to loading its own bundled assets. A malicious extension would exhibit credential access, suspicious domain connections, or obfuscation—none of which are present in the evidence bundle.

The verdict is likely_false_positive because the automated scanner flagged basic JavaScript fetch calls as findings, but these are normal operational behavior for any modern web extension. There is no evidence of malicious intent, data exfiltration, or harmful capabilities. The finding count of 2 is minimal and entirely consistent with legitimate extension behavior.