Is "Sticky Notes" on Chrome Web Store Safe to Install?

[email protected] · chrome · v0.2.1

- Add pinned comments anywhere on any webpage (like Figma comments) - One-click “+” mode to place multiple notes; custom cursor while active - Shareable links: notes are stored in the URL (compressed), no backend - Open links and auto-render notes; deep-link to specific positions - Works inside scrollable containers; notes stick to the right element - Colors/status presets (info, success, warning, danger) - Hover markers to preview; click to open a speech-bubble note with a tail - Edit, autosave (debounced) and delete; copy share URL with one click - Next/Prev navigation through all notes and auto-scroll-to-active - Toggle extension visibility via the browser toolbar icon - Accessibility: keyboard-friendly, high-contrast iconography - Privacy-first: no tracking, no network calls; data stays in your URL - Permissions are minimal and purpose-bound (see below) - Great for QA reviews, copy edits, design feedback, internal knowledge

Risk Assessment

Analyzed
41.06
out of 100
MEDIUM

124 security findings detected across all analyzers

Chrome extension requesting 4 permissions

Severity Breakdown

0
Critical
10
High
114
Medium
0
Low
0
Info

Finding Categories

10
Malware Signatures
110
IoC Indicators

YARA Rules Matched

7 rules(10 hits)
postinstall obfuscation postinstall file manipulation postinstall network communication postinstall file download postinstall system command NoUseWeakRandom postinstall crypto operations

Requested Permissions

4 permissions
<all_urls>

Access and modify data on every website you visit

Dangerous
activeTab
Medium
scripting
Low
clipboardWrite
Low

About This Extension

- Add pinned comments anywhere on any webpage (like Figma comments) - One-click “+” mode to place multiple notes; custom cursor while active - Shareable links: notes are stored in the URL (compressed), no backend - Open links and auto-render notes; deep-link to specific positions - Works inside scrollable containers; notes stick to the right element - Colors/status presets (info, success, warning, danger) - Hover markers to preview; click to open a speech-bubble note with a tail - Edit, autosave (debounced) and delete; copy share URL with one click - Next/Prev navigation through all notes and auto-scroll-to-active - Toggle extension visibility via the browser toolbar icon - Accessibility: keyboard-friendly, high-contrast iconography - Privacy-first: no tracking, no network calls; data stays in your URL - Permissions are minimal and purpose-bound (see below) - Great for QA reviews, copy edits, design feedback, internal knowledge

Detailed Findings

10 total

YARA Rule Matches

7 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs
8
IP Addresses
4
Domains
98
Strings
110

All Indicators · 110

Domain
detected Domain: o.style

XIOC detected Domain: o.style

extracted_from_files

Domain
detected Domain: github.com

XIOC detected Domain: github.com

extracted_from_files

URL
detected URL: http://www.w3.org/2000/svg

XIOC detected URL: http://www.w3.org/2000/svg

extracted_from_files

URL
detected URL: http://www.w3.org/1999/xhtml

XIOC detected URL: http://www.w3.org/1999/xhtml

extracted_from_files

URL
detected URL: https://github.com/styled-components/styled-components/blob/main/packages/styled-components/src/utils/errors.md#

XIOC detected URL: https://github.com/styled-components/styled-components/blob/main/packages/styled-components/src/utils/errors.md#

extracted_from_files

URL
detected URL: http://www.w3.org/2000/svg'

XIOC detected URL: http://www.w3.org/2000/svg'

extracted_from_files

Domain
detected Domain: g.id

XIOC detected Domain: g.id

extracted_from_files

Domain
detected Domain: t.style.top

XIOC detected Domain: t.style.top

extracted_from_files

Domain
detected Domain: clients2.google.com

XIOC detected Domain: clients2.google.com

extracted_from_files

URL
detected URL: https://reactjs.org/docs/error-decoder.html?invariant=

XIOC detected URL: https://reactjs.org/docs/error-decoder.html?invariant=

extracted_from_files

URL
detected URL: http://www.w3.org/1999/xlink

XIOC detected URL: http://www.w3.org/1999/xlink

extracted_from_files

URL
detected URL: http://www.w3.org/XML/1998/namespace

XIOC detected URL: http://www.w3.org/XML/1998/namespace

extracted_from_files

Domain
detected Domain: t.top

XIOC detected Domain: t.top

extracted_from_files

Domain
detected Domain: xh.map

XIOC detected Domain: xh.map

extracted_from_files

Domain
detected Domain: ju.auto

XIOC detected Domain: ju.auto

extracted_from_files

Domain
detected Domain: l.id

XIOC detected Domain: l.id

extracted_from_files

Domain
detected Domain: z.id

XIOC detected Domain: z.id

extracted_from_files

Domain
detected Domain: r.map

XIOC detected Domain: r.map

extracted_from_files

Domain
detected Domain: f.id

XIOC detected Domain: f.id

extracted_from_files

Domain
detected Domain: v.target

XIOC detected Domain: v.target

extracted_from_files

Domain
detected Domain: n.as

XIOC detected Domain: n.as

extracted_from_files

Domain
detected Domain: a.as

XIOC detected Domain: a.as

extracted_from_files

Domain
detected Domain: d.target

XIOC detected Domain: d.target

extracted_from_files

Domain
detected Domain: o.target

XIOC detected Domain: o.target

extracted_from_files

Domain
detected Domain: r.top

XIOC detected Domain: r.top

extracted_from_files

Domain
detected Domain: o.call

XIOC detected Domain: o.call

extracted_from_files

Domain
detected Domain: n.target

XIOC detected Domain: n.target

extracted_from_files

Domain
detected Domain: n.props.map

XIOC detected Domain: n.props.map

extracted_from_files

Domain
detected Domain: g.name

XIOC detected Domain: g.name

extracted_from_files

Domain
detected Domain: r.name

XIOC detected Domain: r.name

extracted_from_files

Domain
detected Domain: r.id

XIOC detected Domain: r.id

extracted_from_files

Domain
detected Domain: this.name

XIOC detected Domain: this.name

extracted_from_files

Domain
detected Domain: this.id

XIOC detected Domain: this.id

extracted_from_files

Domain
detected Domain: r.call

XIOC detected Domain: r.call

extracted_from_files

Domain
detected Domain: e.map

XIOC detected Domain: e.map

extracted_from_files

Domain
detected Domain: ce.sc

XIOC detected Domain: ce.sc

extracted_from_files

Domain
detected Domain: e.constructor.name

XIOC detected Domain: e.constructor.name

extracted_from_files

Domain
detected Domain: object.name

XIOC detected Domain: object.name

extracted_from_files

Domain
detected Domain: errors.md

XIOC detected Domain: errors.md

extracted_from_files

Domain
detected Domain: this.gs

XIOC detected Domain: this.gs

extracted_from_files

Domain
detected Domain: n.name

XIOC detected Domain: n.name

extracted_from_files

Domain
detected Domain: n.id

XIOC detected Domain: n.id

extracted_from_files

Domain
detected Domain: o.id

XIOC detected Domain: o.id

extracted_from_files

Domain
detected Domain: t.id

XIOC detected Domain: t.id

extracted_from_files

Domain
detected Domain: this.comments.map

XIOC detected Domain: this.comments.map

extracted_from_files

Domain
detected Domain: i.id

XIOC detected Domain: i.id

extracted_from_files

Domain
detected Domain: u.top

XIOC detected Domain: u.top

extracted_from_files

Domain
detected Domain: a.next

XIOC detected Domain: a.next

extracted_from_files

Domain
detected Domain: n.compare

XIOC detected Domain: n.compare

extracted_from_files

Domain
detected Domain: r.is

XIOC detected Domain: r.is

extracted_from_files

Domain
detected Domain: r.next

XIOC detected Domain: r.next

extracted_from_files

Domain
detected Domain: l.name

XIOC detected Domain: l.name

extracted_from_files

IP
detected IP: ::

XIOC detected IP: ::

extracted_from_files

Domain
detected Domain: h.memoizedprops.style

XIOC detected Domain: h.memoizedprops.style

extracted_from_files

Domain
detected Domain: s.next

XIOC detected Domain: s.next

extracted_from_files

Domain
detected Domain: m.next

XIOC detected Domain: m.next

extracted_from_files

Domain
detected Domain: s.call

XIOC detected Domain: s.call

extracted_from_files

Domain
detected Domain: p.next

XIOC detected Domain: p.next

extracted_from_files

Domain
detected Domain: n.data

XIOC detected Domain: n.data

extracted_from_files

Domain
detected Domain: b.next

XIOC detected Domain: b.next

extracted_from_files

Domain
detected Domain: ne.next

XIOC detected Domain: ne.next

extracted_from_files

Domain
detected Domain: gn.next

XIOC detected Domain: gn.next

extracted_from_files

Domain
detected Domain: n.next

XIOC detected Domain: n.next

extracted_from_files

Domain
detected Domain: o.next

XIOC detected Domain: o.next

extracted_from_files

Domain
detected Domain: t.next

XIOC detected Domain: t.next

extracted_from_files

Domain
detected Domain: l.next

XIOC detected Domain: l.next

extracted_from_files

Domain
detected Domain: u.next

XIOC detected Domain: u.next

extracted_from_files

Domain
detected Domain: i.next

XIOC detected Domain: i.next

extracted_from_files

Domain
detected Domain: p.target

XIOC detected Domain: p.target

extracted_from_files

Domain
detected Domain: x.target

XIOC detected Domain: x.target

extracted_from_files

Domain
detected Domain: m.data

XIOC detected Domain: m.data

extracted_from_files

Domain
detected Domain: o.data

XIOC detected Domain: o.data

extracted_from_files

Domain
detected Domain: object.prototype.tostring.call

XIOC detected Domain: object.prototype.tostring.call

extracted_from_files

Domain
detected Domain: k.call

XIOC detected Domain: k.call

extracted_from_files

Domain
detected Domain: d.next

XIOC detected Domain: d.next

extracted_from_files

Domain
detected Domain: this.target

XIOC detected Domain: this.target

extracted_from_files

Domain
detected Domain: date.now

XIOC detected Domain: date.now

extracted_from_files

Domain
detected Domain: e.data

XIOC detected Domain: e.data

extracted_from_files

Domain
detected Domain: t.data

XIOC detected Domain: t.data

extracted_from_files

Domain
detected Domain: object.is

XIOC detected Domain: object.is

extracted_from_files

Domain
detected Domain: e.top

XIOC detected Domain: e.top

extracted_from_files

Domain
detected Domain: t.target

XIOC detected Domain: t.target

extracted_from_files

Domain
detected Domain: s.top

XIOC detected Domain: s.top

extracted_from_files

Domain
detected Domain: l.call

XIOC detected Domain: l.call

extracted_from_files

Domain
detected Domain: e.style

XIOC detected Domain: e.style

extracted_from_files

Domain
detected Domain: t.style

XIOC detected Domain: t.style

extracted_from_files

Domain
detected Domain: t.is

XIOC detected Domain: t.is

extracted_from_files

Domain
detected Domain: e.target

XIOC detected Domain: e.target

extracted_from_files

Domain
detected Domain: array.prototype.slice.call

XIOC detected Domain: array.prototype.slice.call

extracted_from_files

Domain
detected Domain: performance.now

XIOC detected Domain: performance.now

extracted_from_files

Domain
detected Domain: l.now

XIOC detected Domain: l.now

extracted_from_files

Domain
detected Domain: i.now

XIOC detected Domain: i.now

extracted_from_files

Domain
detected Domain: ei.call

XIOC detected Domain: ei.call

extracted_from_files

Domain
detected Domain: e.call

XIOC detected Domain: e.call

extracted_from_files

Domain
detected Domain: e.name

XIOC detected Domain: e.name

extracted_from_files

Domain
detected Domain: t.name

XIOC detected Domain: t.name

extracted_from_files

Domain
detected Domain: object.prototype.hasownproperty.call

XIOC detected Domain: object.prototype.hasownproperty.call

extracted_from_files

Domain
detected Domain: ma.call

XIOC detected Domain: ma.call

extracted_from_files

Domain
detected Domain: u.call

XIOC detected Domain: u.call

extracted_from_files

Domain
detected Domain: e.next

XIOC detected Domain: e.next

extracted_from_files

Domain
detected Domain: t.call

XIOC detected Domain: t.call

extracted_from_files

Domain
detected Domain: ud.call

XIOC detected Domain: ud.call

extracted_from_files

Domain
detected Domain: p.id-n.id

XIOC detected Domain: p.id-n.id

extracted_from_files

IP
detected IP: ::af

XIOC detected IP: ::af

extracted_from_files

IP
detected IP: ::bef

XIOC detected IP: ::bef

extracted_from_files

IP
detected IP: f::

XIOC detected IP: f::

extracted_from_files

Domain
detected Domain: e.id

XIOC detected Domain: e.id

extracted_from_files

Domain
detected Domain: reactjs.org

XIOC detected Domain: reactjs.org

extracted_from_files

Domain
detected Domain: www.w3.org

XIOC detected Domain: www.w3.org

extracted_from_files

URL
detected URL: https://clients2.google.com/service/update2/crx

XIOC detected URL: https://clients2.google.com/service/update2/crx

extracted_from_files

Security Analysis Summary

Security Analysis Overview

Sticky Notes is a Chrome Web Store extension published by [email protected]. Version 0.2.1 has been analyzed by the Risky Plugins security platform, receiving a risk score of 41.06/100 (MEDIUM risk) based on 124 security findings.

Risk Assessment

This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.

Findings Breakdown

  • High: 10 finding(s)
  • Medium: 114 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

Sticky Notes is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 4 users.

Recommendation

Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

CommandGo

[email protected]

CRITICAL 28 users

HTML/CSS Extractor

[email protected]

CRITICAL 78 users

Pixel Perfect Pro

[email protected]

CRITICAL 10K users

Full Page Screenshot

[email protected]

HIGH 9 users

Photos Downloader Pro for Facebook

[email protected]

CRITICAL 458 users

OnHand

[email protected]

CRITICAL 5 users