Evaluates manifest permissions scope, content security policy, content script isolation, message passing security, and host permission minimization to ensure the principle of least privilege.
22 Total Checks | 3 Delivery Formats | 3 Categories | 7 Versions
2026-04-02: Quality hardening: added enumeration/counting requirements, numeric thresholds, cross-references, anti-sycophancy guardrails, measurement-on-pass directives, quoting requirements, and code/path examples to all 22 checks. Added golden and bare-minimum test fixtures and manifests.
2026-03-01: Added chunked format for browser-based tools
2026-03-01: Improved Step 3: paste URL is now primary submission method
2026-02-23: Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.
2026-02-23: Fixed invalid prompt_hash: replaced placeholder/non-hex value with actual SHA-256 digest of prompt content
2026-02-21: Fixed severity band violation: downgraded no-all-urls from critical to high (critical was 51.3%, now 42.3%). Added missing non-persistent-background check to telemetry template (was in definitions but absent from template).
2026-02-21: Initial release
Picked by pack overlap with this audit.
Assesses store listing completeness, policy compliance, screenshot quality, update strategy, and review preparation for Chrome Web Store submission.
Assesses data collection practices, privacy disclosures, storage security, third-party data sharing, and compliance with browser store privacy requirements.
Evaluates popup responsiveness, badge/notification usage, loading states, extension bundle size, memory usage, and integration with browser UX conventions.