Free Chrome extension scanner
Scan any Chrome extension for hidden risks
Permissions tell you what an extension could do. This tells you what it actually does. Paste an extension ID or name and see the network calls, data access and behaviour behind it - with the evidence attached.
How do I check if a Chrome extension is safe?
Reading the permission list isn’t enough. Safe extensions routinely ask for broad access, and data-harvesting ones can look modest on paper. The reliable signal is behaviour: what the extension’s code does when it runs.
Am I Being Pwned scans a Chrome extension by loading it into an instrumented browser, driving it against live sites, and capturing the requests it makes, the data it reads, and anything it sends out. You get a keep-or-remove verdict with that captured evidence attached, so the answer holds up to a second opinion.
What the scan looks for
- Data exfiltration: session cookies, page content or form data sent to unknown endpoints
- Over-broad permissions that don't match what the extension actually does
- Obfuscated or encoded payloads hiding what the code sends
- Silent updates that change behaviour after you install
- Third-party trackers and analytics loaded into every page you visit
- AI chat scraping: quietly harvesting your ChatGPT, Claude or Gemini conversations
How to scan a Chrome extension
Two ways in: check one extension for free above, or scan every extension across your whole organisation at once.
- 1
Paste the extension
Enter the Chrome extension's name, or its 32-character ID from the Web Store URL. You don't need an account to scan a single extension.
- 2
We read the code and run it
The scanner loads the extension into an instrumented browser, drives it against live sites, and captures the network calls, DOM changes and messages its code actually produces - not just the permissions it declares.
- 3
Get a verdict with evidence
You get a clear risk level backed by the captured behaviour: the endpoints it hit, the data it read, and anything it sent out. Every finding is tied to the request or DOM change that proves it.
- 4
Scan your whole fleet
Connect Google Workspace to scan every extension installed across your org at once, and get alerted when an extension ships a risky update.
Frequently asked questions
How do I scan a Chrome extension for viruses or malware?
Paste the extension's name or its ID into the scanner above. Instead of only reading the permissions it declares, Am I Being Pwned loads the extension, runs it against live sites, and captures what its code actually does - the network requests it makes, the data it reads, and anything it sends out. You get a risk verdict with that captured evidence attached, so a malicious extension shows its behaviour, not just a suspicious permission list.
Is this Chrome extension safe? How can I tell?
Permissions alone can't tell you. Plenty of safe extensions ask for broad access, and plenty of data-harvesting ones look modest on paper. The reliable signal is behaviour: what the extension does when it runs. Scan it above to see whether it stays within its stated job or quietly reads and sends data it has no reason to touch.
Where do I find a Chrome extension's ID?
Open the extension's Chrome Web Store page. The 32-character string of letters at the end of the URL (after /detail/name/) is its ID. You can paste either the ID or the extension name into the scanner.
Is the extension scanner free?
Yes. Scanning a single extension is free and needs no account. To scan every extension across your organisation at once and get alerted on risky updates, connect your Google Workspace for a free fleet scan.
How is this different from the Chrome Web Store's own review?
The Web Store checks an extension at submission and relies heavily on declared permissions and reputation. It doesn't re-run the extension against live sites on demand and show you the captured traffic. Extensions have also gone bad after they were approved, through silent updates or an ownership change. A behavioural scan reflects what the current version does right now.
Scan every extension in your fleet, with evidence.
Free scan of your Google Workspace in under 48 hours.