Kami For Google Chrome

Name: Security Analysis: Kami For Google Chrome
Item: Kami For Google Chrome
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 21M+ users

📦 v2.0.22152

💾 4.0MiB

📅 2026-01-18

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Elevate instruction and reach every learner with Kami, a game-changing learning platform that turns any resource into interactive experiences. Teachers save hours on teaching, grading, and planning lessons, while school leaders gain a cost-effective solution to drive insight and impact. With seamless integration for popular LMS platforms like Canvas and Google Classroom, Kami helps students engage and thrive, especially English language learners with built-in tools.

Overview

Elevate instruction. Reach every learner.

Kami’s game-changing learning platform turns any resource into interactive, accessible experiences that spark curiosity and success. Trusted by over 50+ million users, it brings learning to life—engaging every student, including English language learners with built-in tools to help them thrive. Teachers save hours every week on teaching, grading, and planning lessons. School leaders gain a powerful, cost-effective solution that drives insight and real impact.

- 94% of teachers report improved student engagement
- 7.8 hours a week saved by teachers on average
- 80% of teachers agree there’s been a positive impact on learning

Results from the Kami Teacher Survey 2023 | 1665 respondents | USA only | 95% Confidence | 2% Margin of error

Seamlessly works with Canvas, D2L Brightspace, Google Classroom, Microsoft Teams and Schoology.

Ready for more? Try Kami for free today www.kamiapp.com

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

🔄 New version v2.0.22152 detected — scan automatically queued.

v2.0.22632 Info Scanned Mar 7, 2026

Security Analysis — Kami For Google Chrome

Analyzed v2.0.22632 · Mar 7, 2026 · 40 JS files · 4540 KB scanned

Permissions

Code Patterns Detected

External Connections

www.w3.org www.kamiapp.com web.kamihq.com api.kamihq.com tools.kamihq.com docs.google.com classroom.google.com help.kamiapp.com github.com drive.google.com www.canva.com react.dev +8 more

Package Contents 91 files · 15.8MB

▾📁_locales147KB

▾📁af16KB

{}messages.json16KB

▾📁de16KB

{}messages.json16KB

▾📁en30KB

{}messages.json30KB

▾📁es16KB

{}messages.json16KB

▾📁fr17KB

{}messages.json17KB

▾📁it16KB

{}messages.json16KB

▾📁nl16KB

{}messages.json16KB

▾📁uk20KB

{}messages.json20KB

▾📁_metadata12KB

{}verified_contents.json12KB

▾📁assets27KB

🎨browser_open_with_kami_styles.css448B

🎨companion_floatingk.css3KB

🎨companion_iframes.css942B

🎨companion_toolbar.css3KB

🎨google_classroom_styles.css13KB

🎨popup-BqQRda9I.css4KB

🎨schoology_page_script.css3KB

▾📁chunks283KB

📜_virtual_wxt-html-plugins-DPbbfBKe.js779B

📜base-BqXMSrpw.js237B

📜canvas_form_redirect-jxpUrdPg.js521B

📜offscreen-C_KTwKh8.js2KB

📜options-axzw2zFv.js133B

📜popup-C06b3tSj.js279KBlarge

📜util-P0i86Rdk.js540B

▾📁content-scripts261KB

📜browser_open_with_kami.js5KB

🎨canva.css226B

📜canva.js11KB

🎨canvas.css4KB

📜canvas.js11KB

🎨canvas_bluebonnet.css2KB

📜canvas_bluebonnet.js8KB

📜canvas_new_assignment.js25KB

📜companion_mcgraw_hill.js5KB

📜global.js19KB

📜global_all_frames.js5KB

🎨google_classroom.css15KB

📜google_classroom.js50KBlarge

📜google_classroom_grading.js9KB

📜google_classroom_picker.js4KB

📜google_docs.js8KB

🎨google_docs_styles.css593B

📜google_docs_styles.js3KB

📜google_drive.js15KB

📜notablemain_bootstrap.js4KB

🎨office365_inner.css448B

📜office365_inner.js8KB

📜office365_outer.js4KB

📜peardeck.js6KB

📜schoology.js25KB

🎨teachers_pay_teachers.css752B

📜teachers_pay_teachers.js11KB

▾📁fonts121KB

🔤Mulish-Regular.woff246KB

🔤Mulish-VariableFont.woff275KB

▾📁icon16KB

🖼icon128.png3KB

🖼icon16.png464B

🖼icon19.png536B

🖼icon256.png6KB

🖼icon32.png782B

🖼icon38.png905B

🖼icon48.png1KB

🖼icon64.png1KB

🖼icon96.png2KB

▾📁images139KB

🖼bookcreator-screenshot.png84KB

🖼companion-menu-screenshot.webp5KB

🖼companion-screenshot.png27KB

🖼kami-logo-full-white.svg3KB

🖼kami-screenshot.png19KB

🖼tick.svg731B

▾📁other10.9MB

📄en2.7MB

📄en-ca2.7MB

📄en-gb2.7MB

📄es2.7MB

📜background.js79KBlarge

🌐canvas_form_redirect.html405B

📜companion_floatingk.js51KBlarge

📜companion_google_docs.js24KB

📜companion_iframes.js82KBlarge

📜companion_immersive_reader_analytics.js15KB

📜companion_lazy_languages.js256KBlarge

📜companion_lazy_markdown.js176KBlarge

📜companion_lazy_stemmer.js2MBlarge

📜companion_toolbar.js1.2MBlarge

📜google_classroom_page_script.js2KB

📄hello62B

📜lazy_global.js81B

{}manifest.json6KB

📜office365_outer_page.js2KB

🌐offscreen.html321B

🌐options.html303B

🌐popup.html751B

{}rules_global.json323B

📜schoology_page_script.js91KBlarge

What This Extension Does

Kami For Google Chrome is an interactive learning platform that empowers students and enhances teaching, feedback, and assessment. It solves the problem of engaging learners by turning any resource into interactive experiences. The extension is suitable for students, teachers, and school leaders who want to improve student engagement and save time on teaching and grading.

Permissions Explained

webRequestexpected: This permission allows the extension to intercept and modify network requests made by the browser.
Technical: The webRequest API provides access to the browser's request and response data, allowing the extension to inspect, block, or modify HTTP requests. This can be used for legitimate purposes such as ad-blocking or analytics tracking, but also poses a risk if compromised.
tabsexpected: This permission allows the extension to access and manipulate browser tabs.
Technical: The tabs API provides access to tab metadata, such as URL, title, and content. This can be used for legitimate purposes such as tab management or analytics tracking, but also poses a risk if compromised.
webNavigationexpected: This permission allows the extension to intercept and modify browser navigation events.
Technical: The webNavigation API provides access to navigation data, such as URL changes and page loads. This can be used for legitimate purposes such as analytics tracking or ad-blocking, but also poses a risk if compromised.
contextMenusexpected: This permission allows the extension to add custom context menus to the browser.
Technical: The contextMenus API provides access to the browser's context menu system, allowing the extension to inject custom items. This can be used for legitimate purposes such as providing additional functionality or tracking user interactions, but also poses a risk if compromised.
storageexpected: This permission allows the extension to access and modify browser storage data.
Technical: The storage API provides access to browser storage, including cookies, local storage, and session storage. This can be used for legitimate purposes such as storing user preferences or tracking analytics, but also poses a risk if compromised.
declarativeNetRequestexpected: This permission allows the extension to define rules for modifying network requests.
Technical: The declarativeNetRequest API provides a way to define rules for modifying HTTP requests using a declarative syntax. This can be used for legitimate purposes such as ad-blocking or analytics tracking, but also poses a risk if compromised.
scriptingexpected: This permission allows the extension to execute scripts in the browser context.
Technical: The scripting API provides access to the browser's script execution environment, allowing the extension to inject custom code. This can be used for legitimate purposes such as providing additional functionality or tracking user interactions, but also poses a risk if compromised.
offscreenexpected: This permission allows the extension to create off-screen windows and tabs.
Technical: The offscreen API provides access to the browser's window creation system, allowing the extension to create off-screen windows. This can be used for legitimate purposes such as providing additional functionality or tracking user interactions, but also poses a risk if compromised.
printerProviderexpected: This permission allows the extension to provide custom print settings.
Technical: The printerProvider API provides access to the browser's print system, allowing the extension to inject custom print settings. This can be used for legitimate purposes such as providing additional functionality or tracking user interactions, but also poses a risk if compromised.
<all_urls>check this: This permission allows the extension to access and modify all web pages visited by the browser.
Technical: The <all_urls> permission provides access to all web pages, including those loaded in iframes. This poses a significant risk if compromised, as it allows the extension to intercept and modify sensitive data. ⚠ 1

Your Data

The Kami For Google Chrome extension accesses browser storage data, including cookies, local storage, and session storage. It also sends data to various domains, including www.kamiapp.com, web.kamihq.com, api.kamihq.com, tools.kamihq.com, docs.google.com, classroom.google.com, help.kamiapp.com, github.com, drive.google.com, www.canva.com, and react.dev.

Technical Details

domains

www.kamiapp.com
web.kamihq.com
api.kamihq.com
tools.kamihq.com
docs.google.com
classroom.google.com
help.kamiapp.com
github.com
drive.google.com
www.canva.com
react.dev

protocols

http
https

encryption_status

Mixed (some requests are encrypted, others are not)

data_types

cookies
tokens
keystrokes
page content

Code Findings

Function constructor used — dynamic code executionHigh

The extension uses the function constructor to execute dynamic code, which can pose a risk if compromised.

Technical: The extension uses the function constructor to create new functions dynamically. This allows for flexible and dynamic code execution, but also poses a risk if an attacker is able to inject malicious code.

💡 This pattern is commonly used in legitimate extensions for providing additional functionality or tracking user interactions.

innerHTML assignment — potential XSS vectorMedium

The extension assigns innerHTML to an element, which can pose a risk if compromised.

Technical: The extension uses the innerHTML property to assign HTML content to an element. This can be used for legitimate purposes such as rendering dynamic content, but also poses a risk if an attacker is able to inject malicious code.

💡 This pattern is commonly used in legitimate extensions for providing additional functionality or tracking user interactions.

Creates script elements dynamicallyHigh

The extension creates script elements dynamically, which can pose a risk if compromised.

Technical: The extension uses the document.createElement method to create new script elements dynamically. This allows for flexible and dynamic code execution, but also poses a risk if an attacker is able to inject malicious code.

💡 This pattern is commonly used in legitimate extensions for providing additional functionality or tracking user interactions.

Captures keystrokesCritical

The extension captures keystrokes, which can pose a significant risk if compromised.

Technical: The extension uses the keydown event to capture keystrokes. This allows for tracking user interactions, but also poses a significant risk if an attacker is able to inject malicious code.

💡 This pattern is commonly used in legitimate extensions for providing additional functionality or tracking user interactions.

Bottom Line

The Kami For Google Chrome extension has some concerning permissions and behavior, including the use of dynamic code execution, potential XSS vectors, and capture of keystrokes. While it is likely that these features are used for legitimate purposes such as providing additional functionality or tracking user interactions, they also pose significant risks if compromised. Users should exercise caution when installing this extension and regularly review its permissions and behavior to ensure their safety.