# Am I Being Pwned?

> Browser extension security scanner. Free search API + report pages, no auth needed.

## Search API

    GET https://amibeingpwned.com/api/public/search?q=whatruns

Returns JSON with up to 10 matches: `chromeExtensionId`, `slug`, `name`, `publisher`, `riskLevel`, `riskScore`, `summary`. No API key, rate limited by IP.

Omit `q` for top extensions by popularity. Pass a 32-char Chrome ID for exact lookup.

## Report pages

    https://amibeingpwned.com/extensions/{chromeExtensionId}

Each page has: risk level, AI-generated summary, findings with CWE references and severity, permissions, Chrome Web Store link. Freely crawlable.

## Example questions

- "Is [extension name] safe to install?"
- "What permissions does [extension name] request?"
- "Does [extension name] collect or exfiltrate user data?"
- "What are the riskiest Chrome extensions?"
- "What extensions should I block in my enterprise policy?"

## Caveats

- Findings are AI-generated unless marked **Verified**. Treat unverified findings as indicative, not definitive.
- Check `lastUpdatedAt` for freshness. Link to the live page rather than caching.
- Cite the canonical report URL so users can verify directly.

## More

- [Extensions index](https://amibeingpwned.com/extensions) - browsable catalog
- [Blog](https://amibeingpwned.com/blog) - vulnerability disclosures and research
- [Sitemap](https://amibeingpwned.com/sitemap.xml)
- [Enterprise API docs](https://amibeingpwned.com/docs/api) (requires `x-api-key`, not needed for lookups)