
LayerX ExtensionPedia vs Am I Being Pwned

LayerX ExtensionPedia scores 200,000+ extensions by permissions and reputation, no install needed. Here's what an isolated run and captured evidence catch that reputation misses.

Does LayerX ExtensionPedia tell you if an extension is safe?

LayerX's ExtensionPedia is a free public database that assigns a unified risk score to 200,000+ extensions, so you can look one up without installing it. The score is built from permission scope, publisher reputation and LayerX's risk parameters, and the company pitches it as a way to assess an extension 'even if it's not yet installed'.

LayerX does do real behavioural monitoring, to be clear - but that's its browser agent watching an already-installed extension in live user sessions and flagging risky behaviour as it happens. Genuinely behavioural, and useful, but reactive: the extension is running on a real person before it's judged, and what you get is monitoring and a score, not the record of a controlled run.

The score's soft spot is reputation. ExtensionPedia scored WhatRuns 4.2 out of 10 - a middling Medium - about what you'd expect for a Featured, Verified, 400k-user extension. It was uploading users' ChatGPT and Claude chats the whole time, and the score never said so. A permission-and-reputation model can't see that; running the extension can. Am I Being Pwned judges the call on behaviour, not the publisher's standing.

What LayerX gives you

  • ExtensionPedia: a free public risk score for 200,000+ extensions, lookable without installing anything
  • A unified score from permission scope, publisher reputation and LayerX's risk parameters
  • Real-time behavioural monitoring of installed extensions via the LayerX browser agent in live sessions
  • A full enterprise-browser platform around it - in-browser DLP, GenAI and identity governance, shadow-SaaS discovery
  • Widely-cited 'best tools' comparison content that ranks across the category

Where it stops

  • ExtensionPedia's score is a lookup you get without installing the extension, not the output of a controlled, pre-trust run you trigger
  • Its behavioural signal comes from watching an extension already installed on real user machines, not an isolated run before you trust it
  • Reputation weighting scores a trusted, high-install publisher well even when its code has turned hostile
  • You get a score plus live alerts, not a per-extension evidence report you can hand an auditor

LayerX vs Am I Being Pwned

| Capability | LayerX | Am I Being Pwned |
|---|---|---|
| Free public lookup | Yes - ExtensionPedia, 200k+ extensions | Yes - any extension, no account |
| Basis of the score | Permission scope + publisher reputation | What the extension did when it ran |
| Isolated run before you trust it | No - monitors it live on real machines instead | Yes - run in isolation, pre-trust |
| Captured traffic you can inspect | A score and live alerts, not the traffic | The outbound requests and DOM writes, attached |
| Catches a trusted publisher gone bad | Reputation-weighted, so easily missed | Judged on behaviour, not standing |
| Enterprise-browser platform (DLP, AI governance) | Yes - a full in-browser platform | No - extension analysis, not a browser platform |
| An actionable call, not a grade | A unified risk score | Keep or remove, decided on behaviour |

How to confirm an ExtensionPedia result

ExtensionPedia scores an extension without installing it. Here's how to confirm that score before you trust or block the extension.

  1. Look it up in ExtensionPedia

     Get LayerX's unified score and the permission and reputation signals behind it - no install needed.

  2. Spot the reputation weighting

     The score leans on publisher reputation and install base. That helps for an unknown publisher and misleads for a popular, trusted one that has quietly turned.

  3. Run it in isolation

     Paste the extension ID into Am I Being Pwned to execute it in a controlled browser and capture what it does - or scan your whole fleet - so a reputable-looking extension is judged on behaviour, not standing.

  4. Confirm, then block

     Keep the ones that behave; block the rest. LayerX can enforce in-browser; you can also push blocks through Chrome policy or your MDM.

  5. Re-check each release

     Reputation lags a hostile update by weeks. A fresh run on each new version doesn't.
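Steps 4 and 5 can be automated once verdicts are recorded per version. The sketch below is an added example, not code from LayerX or Am I Being Pwned: it turns "remove" verdicts into a Chrome `ExtensionSettings` policy and lists extensions whose installed version no longer matches the version that was reviewed. The verdict and inventory record shapes, the function names and all sample IDs and versions are assumptions made for illustration.

```python
import json
import re

# Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")


def triage(verdicts, inventory):
    """Split a fleet inventory into blocked, stale and unreviewed IDs.

    verdicts:  {ext_id: {"version": reviewed_version, "decision": "keep"|"remove"}}
    inventory: {ext_id: installed_version}
    Both shapes are assumed for this example, not a tool's export format.
    """
    blocked, stale, unreviewed = [], [], []
    for ext_id, installed in sorted(inventory.items()):
        if not EXT_ID.match(ext_id):
            raise ValueError(f"not a Chrome extension ID: {ext_id!r}")
        verdict = verdicts.get(ext_id)
        if verdict is None:
            unreviewed.append(ext_id)   # never run in isolation
        elif verdict["decision"] == "remove":
            blocked.append(ext_id)      # a remove verdict sticks across versions
        elif verdict["version"] != installed:
            stale.append(ext_id)        # kept, but a different build is installed
    return blocked, stale, unreviewed


def block_policy(blocked):
    """Build a Chrome ExtensionSettings policy that blocks each listed ID."""
    return {"ExtensionSettings": {i: {"installation_mode": "blocked"} for i in blocked}}


# Constructed sample data: IDs, versions and decisions are made up.
VERDICTS = {
    "a" * 32: {"version": "2.1.0", "decision": "keep"},
    "b" * 32: {"version": "5.0.3", "decision": "remove"},
    "c" * 32: {"version": "1.4.0", "decision": "keep"},
}
INVENTORY = {"a" * 32: "2.1.0", "b" * 32: "5.0.4", "c" * 32: "1.5.0", "d" * 32: "0.9.1"}

if __name__ == "__main__":
    blocked, stale, unreviewed = triage(VERDICTS, INVENTORY)
    print(json.dumps(block_policy(blocked), indent=2))
    print("re-run before trusting:", stale + unreviewed)
```

The printed JSON is the value to deploy as the `ExtensionSettings` policy through managed Chrome policy or an MDM profile; the stale and unreviewed IDs go back to step 3.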

Frequently asked questions

What is LayerX ExtensionPedia?

A free public database that scores 200,000+ browser extensions so you can assess one without installing it. The score is built from permission scope, publisher reputation and LayerX's risk parameters. LayerX also sells a full enterprise-browser platform with real-time monitoring, DLP and AI governance around it.

Does LayerX ExtensionPedia run extensions in a sandbox?

ExtensionPedia gives you a score you can look up without installing the extension - LayerX markets it as a way to assess one 'even if it's not yet installed'. Its live product does monitor installed extensions on real machines, and its scores draw on aggregated session data, so there is genuine behavioural signal in the mix. What you don't get is an isolated run of that specific extension with the captured requests and DOM changes in front of you - which is what Am I Being Pwned shows you.

Is a reputation-based score reliable?

It's good at unknown or low-reputation extensions and weakest exactly where it matters: a Featured, Verified, million-user extension that ships hostile code. Stylish had every trust signal while exfiltrating every URL you visited. Behaviour, not reputation, is what tells those apart.

LayerX ranks itself first in its own comparisons - is that reliable?

LayerX publishes 'best browser extension security' lists with LayerX at the top; that's vendor-authored, not independent. Useful for discovering the field, less so for a verdict. For a specific extension, the honest test is to run it and watch what it does.
