Is New XKit safe?

Clean risk

Tumblr extension framework with postMessage handler lacking origin validation. eval() usage is limited to trusted extension code from GitHub CDN.

v7.9.2Chrome Web Store
0Risk

AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.

Publishers can request a review.

Updated 3 May 2026inobiceghmpkaklcknpniboilbjmlald