Is "IBM Task Mining" on Chrome Web Store Safe to Install?
Task Mining is the discovery, monitoring and analysis of user interaction data on desktops through the collection of frontend activities. This plugin is needed in order to detect actions on chrome with IBM Task Mining Client components (Agent and Chromium plugin). This addon does not collect and send any information without a running instance of IBM Task Mining Client. For more info visit https://www.ibm.com/cloud/cloud-pak-for-business-automation/process-mining.
Risk Assessment
Analyzed114 security findings detected across all analyzers
Chrome extension requesting 7 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
6 rules(14 hits)Requested Permissions
7 permissionsExchange messages with programs outside the browser
Access and modify data on every website you visit
Manage, modify, and monitor downloads
About This Extension
Detailed Findings
16 totalYARA Rule Matches
6 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 98
detected Domain: purl.org XIOC detected Domain: purl.org
extracted_from_files
detected Domain: message.tab XIOC detected Domain: message.tab
extracted_from_files
detected Domain: newtab.id XIOC detected Domain: newtab.id
extracted_from_files
detected Domain: ns.adobe.com XIOC detected Domain: ns.adobe.com
extracted_from_files
detected IP: ::6 XIOC detected IP: ::6
extracted_from_files
detected URL: https://github.com/dankogai/js-base64/issues/119 XIOC detected URL: https://github.com/dankogai/js-base64/issues/119
extracted_from_files
detected URL: http://opensource.org/licenses/BSD-3-Clause XIOC detected URL: http://opensource.org/licenses/BSD-3-Clause
extracted_from_files
detected URL: http://en.wikipedia.org/wiki/Base64 XIOC detected URL: http://en.wikipedia.org/wiki/Base64
extracted_from_files
detected URL: https://github.com/dankogai) XIOC detected URL: https://github.com/dankogai)
extracted_from_files
detected URL: https://stackoverflow.com/questions/12710001/how-to-convert-uint8-array-to-base64-encoded-string/12713326#12713326 XIOC detected URL: https://stackoverflow.com/questions/12710001/how-to-convert-uint8-array-to-base64-encoded-string/12713326#12713326
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: https://blog.bitsrc.io/what-is-chrome-scripting-api-f8dbdb6e3987 XIOC detected URL: https://blog.bitsrc.io/what-is-chrome-scripting-api-f8dbdb6e3987
extracted_from_files
detected URL: https://docs.microsoft.com/en-us/dotnet/framework/winforms/controls/how-to-size-a-windows-forms-label-control-to-fit-its-contents XIOC detected URL: https://docs.microsoft.com/en-us/dotnet/framework/winforms/controls/how-to-size-a-windows-forms-label-control-to-fit-its-contents
extracted_from_files
detected URL: https://stackoverflow.com/questions/53056796/getboundingclientrect-from-within-iframe XIOC detected URL: https://stackoverflow.com/questions/53056796/getboundingclientrect-from-within-iframe
extracted_from_files
detected URL: https://www.jeffersonscher.com/res/resolution.php XIOC detected URL: https://www.jeffersonscher.com/res/resolution.php
extracted_from_files
detected URL: https://stackoverflow.com/questions/3437786/get-the-size-of-the-screen-current-web-page-and-browser-window XIOC detected URL: https://stackoverflow.com/questions/3437786/get-the-size-of-the-screen-current-web-page-and-browser-window
extracted_from_files
detected URL: https://chromium.googlesource.com/chromium/blink/+/master/Source/devtools/front_end/components/DOMPresentationUtils.js XIOC detected URL: https://chromium.googlesource.com/chromium/blink/+/master/Source/devtools/front_end/components/DOMPresentationUtils.js
extracted_from_files
detected URL: https://gist.github.com/asfaltboy/8aea7435b888164e8563 XIOC detected URL: https://gist.github.com/asfaltboy/8aea7435b888164e8563
extracted_from_files
detected URL: http://www.gimp.org/xmp/ XIOC detected URL: http://www.gimp.org/xmp/
extracted_from_files
detected URL: http://ns.adobe.com/tiff/1.0/ XIOC detected URL: http://ns.adobe.com/tiff/1.0/
extracted_from_files
detected URL: http://ns.adobe.com/xap/1.0/ XIOC detected URL: http://ns.adobe.com/xap/1.0/
extracted_from_files
detected URL: https://stackoverflow.com/a/9851769/3773011 XIOC detected URL: https://stackoverflow.com/a/9851769/3773011
extracted_from_files
detected URL: https://support.mozilla.org XIOC detected URL: https://support.mozilla.org
extracted_from_files
detected URL: https://chrome.google.com XIOC detected URL: https://chrome.google.com
extracted_from_files
detected URL: https://docs.google.com/spreadsheets/d XIOC detected URL: https://docs.google.com/spreadsheets/d
extracted_from_files
detected IP: ::a XIOC detected IP: ::a
extracted_from_files
detected Domain: www.w3.org XIOC detected Domain: www.w3.org
extracted_from_files
detected URL: http://www.w3.org/1999/02/22-rdf-syntax-ns# XIOC detected URL: http://www.w3.org/1999/02/22-rdf-syntax-ns#
extracted_from_files
detected URL: http://ns.adobe.com/xap/1.0/mm/ XIOC detected URL: http://ns.adobe.com/xap/1.0/mm/
extracted_from_files
detected URL: http://ns.adobe.com/xap/1.0/sType/ResourceEvent# XIOC detected URL: http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
extracted_from_files
detected URL: http://purl.org/dc/elements/1.1/ XIOC detected URL: http://purl.org/dc/elements/1.1/
extracted_from_files
detected Domain: el.id XIOC detected Domain: el.id
extracted_from_files
detected Domain: window.screen.top XIOC detected Domain: window.screen.top
extracted_from_files
detected Domain: nodeelem.id XIOC detected Domain: nodeelem.id
extracted_from_files
detected Domain: modallayer.id XIOC detected Domain: modallayer.id
extracted_from_files
detected Domain: modallayer.style.top XIOC detected Domain: modallayer.style.top
extracted_from_files
detected Domain: tags.map XIOC detected Domain: tags.map
extracted_from_files
detected Domain: nodefilter.show XIOC detected Domain: nodefilter.show
extracted_from_files
detected Domain: window.name XIOC detected Domain: window.name
extracted_from_files
detected Domain: obj.id XIOC detected Domain: obj.id
extracted_from_files
detected Domain: obj.name XIOC detected Domain: obj.name
extracted_from_files
detected Domain: clientrect.top XIOC detected Domain: clientrect.top
extracted_from_files
detected Domain: window.frameelement.id XIOC detected Domain: window.frameelement.id
extracted_from_files
detected Domain: event.target XIOC detected Domain: event.target
extracted_from_files
detected Domain: currentframeposition.top XIOC detected Domain: currentframeposition.top
extracted_from_files
detected Domain: console.info XIOC detected Domain: console.info
extracted_from_files
detected Domain: child.target XIOC detected Domain: child.target
extracted_from_files
detected Domain: input.id XIOC detected Domain: input.id
extracted_from_files
detected Domain: a.id XIOC detected Domain: a.id
extracted_from_files
detected Domain: b.id XIOC detected Domain: b.id
extracted_from_files
detected Domain: performance.now XIOC detected Domain: performance.now
extracted_from_files
detected Domain: trackobject.name XIOC detected Domain: trackobject.name
extracted_from_files
detected Domain: elem.id XIOC detected Domain: elem.id
extracted_from_files
detected Domain: window.top XIOC detected Domain: window.top
extracted_from_files
detected Domain: dims.top XIOC detected Domain: dims.top
extracted_from_files
detected Domain: rect.top XIOC detected Domain: rect.top
extracted_from_files
detected Domain: evt.data XIOC detected Domain: evt.data
extracted_from_files
detected Domain: event.data XIOC detected Domain: event.data
extracted_from_files
detected Domain: sender.data XIOC detected Domain: sender.data
extracted_from_files
detected Domain: gist.github.com XIOC detected Domain: gist.github.com
extracted_from_files
detected Domain: github.com XIOC detected Domain: github.com
extracted_from_files
detected Domain: opensource.org XIOC detected Domain: opensource.org
extracted_from_files
detected Domain: en.wikipedia.org XIOC detected Domain: en.wikipedia.org
extracted_from_files
detected Domain: mattlilek.com XIOC detected Domain: mattlilek.com
extracted_from_files
detected Domain: bcr.top XIOC detected Domain: bcr.top
extracted_from_files
detected Domain: elem.style XIOC detected Domain: elem.style
extracted_from_files
detected Domain: sender.tab.id XIOC detected Domain: sender.tab.id
extracted_from_files
detected Domain: chrome.downloads.search XIOC detected Domain: chrome.downloads.search
extracted_from_files
detected Domain: delta.id XIOC detected Domain: delta.id
extracted_from_files
detected Domain: data.tab.id XIOC detected Domain: data.tab.id
extracted_from_files
detected Domain: data.tab XIOC detected Domain: data.tab
extracted_from_files
detected Domain: www.jeffersonscher.com XIOC detected Domain: www.jeffersonscher.com
extracted_from_files
detected Domain: chromium.googlesource.com XIOC detected Domain: chromium.googlesource.com
extracted_from_files
detected Domain: clients2.google.com XIOC detected Domain: clients2.google.com
extracted_from_files
detected Domain: message.tab.audible XIOC detected Domain: message.tab.audible
extracted_from_files
detected Domain: message.tab.id XIOC detected Domain: message.tab.id
extracted_from_files
detected IP: 1.0.0.5 XIOC detected IP: 1.0.0.5
extracted_from_files
detected Domain: window.id XIOC detected Domain: window.id
extracted_from_files
detected Domain: support.mozilla.org XIOC detected Domain: support.mozilla.org
extracted_from_files
detected Domain: chrome.google.com XIOC detected Domain: chrome.google.com
extracted_from_files
detected Domain: window.chrome XIOC detected Domain: window.chrome
extracted_from_files
detected Domain: x.id XIOC detected Domain: x.id
extracted_from_files
detected Domain: currentwindow.top XIOC detected Domain: currentwindow.top
extracted_from_files
detected Domain: tab.id XIOC detected Domain: tab.id
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: element.tab XIOC detected Domain: element.tab
extracted_from_files
detected Domain: element.id XIOC detected Domain: element.id
extracted_from_files
detected Domain: www.gimp.org XIOC detected Domain: www.gimp.org
extracted_from_files
detected Domain: f.kz XIOC detected Domain: f.kz
extracted_from_files
detected Domain: stackoverflow.com XIOC detected Domain: stackoverflow.com
extracted_from_files
detected Domain: docs.google.com XIOC detected Domain: docs.google.com
extracted_from_files
detected Domain: blog.bitsrc.io XIOC detected Domain: blog.bitsrc.io
extracted_from_files
detected Domain: docs.microsoft.com XIOC detected Domain: docs.microsoft.com
extracted_from_files
detected Domain: message.data XIOC detected Domain: message.data
extracted_from_files
detected IP: :: XIOC detected IP: ::
extracted_from_files
detected IP: 1:: XIOC detected IP: 1::
extracted_from_files
detected Domain: array.prototype.slice.call XIOC detected Domain: array.prototype.slice.call
extracted_from_files
Security Analysis Summary
Security Analysis Overview
IBM Task Mining is a Chrome Web Store extension published by [email protected]. Version 1.0.0.5 has been analyzed by the Risky Plugins security platform, receiving a risk score of 64.99/100 (MEDIUM risk) based on 114 security findings.
Risk Assessment
This extension presents high security risk. Significant concerns were identified during analysis. It is not recommended for use in sensitive or production environments without thorough review.
Findings Breakdown
- Medium: 100 finding(s)
- Low: 14 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
IBM Task Mining is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 251 users.
Recommendation
This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
KPN Password Manager
[email protected]
MAGgie - An AI Assistant
[email protected]
Aintivirus Privacy and Wallet
[email protected]
BugZap — Visual Bug Reporter
[email protected]
FormGenieAI
[email protected]
OmniChat
[email protected]