1 point by jozefjarosciak 6 hours ago | 1 comment
  • jozefjarosciak 6 hours ago
    Folks, we’ve all been there... you find a cool Chrome extension, go to install it, and then you see the warning: "This extension can read and change all your data on all websites."

    Is it a technical necessity? Or is it a keylogger sending your bank logins to a server in a basement somewhere? Unless you're a developer willing to manually download and decompile the .crx file, you’re just guessing.

    I got tired of that "blind trust" model and built an AI-powered security scanner that goes through the actual code of every extension on the store: ChromeBoard.com.

    What ChromeBoard Does:
    - Full Source Code Analysis: We don’t just read the description; we scan the entire codebase.
    - Plain English Reports: We explain permissions in simple terms. No "trust scores"—just the facts so you can decide.
    - Network Mapping: We identify every external server your data is sent to.
    - Flagging Dangerous Patterns: Our AI detects eval(), obfuscation, crypto-mining, and potential keyloggers.
    - Version Comparisons: See exactly what changed (or what was added) between updates.
    - Auto-Rescans: We trigger a new scan whenever an extension updates.

    The Vision: Why this matters
    Right now, each scan takes about 2 minutes. Why? Because I’m running this entire operation on a single RTX 4090 using a local Qwen3-Coder-30B model. I’m doing this locally because:
    - Privacy: I refuse to send extension code to some cheap no-privacy third-party AI APIs.
    - Cost: I can’t afford $50k/month in inference fees for 250k+ extensions.

    The site has only been live for two days, but the goal is to make this the "Carfax" of the Chrome Ecosystem.
    - For Users: A "check before you install" report that actually makes sense.
    - For Developers: A way to get "Verified Trust" signals to drive adoption.
    - For Enterprises: A third-party vetting tool for IT admins to secure their org.

    The "Ask": Help me scale this
    I’ve reached the limit of what a single local GPU can do. I am looking for Cloud AI/Inference sponsors to help me move this from "side project speed" to "ecosystem speed."

    With the right compute partners, I could scan 1,000x faster, provide real-time alerts when a behavior changes, and open up an API for other security tools. If you represent a cloud provider or AI platform, here is why you want to be the engine behind ChromeBoard:

    - Massive Visibility: Your brand on every security report ("Powered by...").
    - High Volume: A sustained, high-integrity API flow through your stack.
    - The "Good Guy" Factor: You’re helping secure the browsers of millions of people.

    I’m just one dev who got tired of clicking "Install" and praying. If you’re a dev, an admin, or just hate malware, check out the site and let me know: Which extension should I scan next?

    Check it out: ChromeBoard.com