Ripple Tool
π Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Ripple Tools provide mental health sign posting, in browser
Tags
Privacy Practices
β
Does not sell your data to third parties
β
Does not use data for unrelated purposes
Security Analysis
Permissions
Code Patterns Detected
External Connections
Package Contents 23 files Β· 272KB
βΎ_metadata4KB
verified_contents.json4KB
βΎcss70KB
style.css12KB
style_ask.css12KB
style_ddg.css13KB
style_ecosia.css12KB
style_yahoo.css12KB
style_youtube.css8KB
βΎhtml5KB
basic.html136B
breathe.html4KB
sleep.html891B
βΎimage_assets8KB
βΎicon8KB
128x128_Ripple_Icon.png5KB
16x16_Ripple_Icon.png701B
48x48_Ripple_Icon.png3KB
βΎjs170KB
config.js149B
jquery-3.6.0.min.js87KBlarge
mixpanel.js54KBlarge
queries.js3KB
ripple_analytics.js4KB
spa-handler.js7KB
storage.js3KB
utils.js10KB
manifest.json2KB
popup.js13KB
What This Extension Does
The Ripple Tool extension provides mental health sign posting functionality within a browser, falling under the Lifestyle/Well Being category.Permissions Explained
storage: Allows the extension to read and write data in the user's browser storage, which is standard for extensions that need to store or retrieve user-specific data. This permission is expected for an extension providing personalized mental health resources.- No other permissions are declared beyond
storage.
What We Found in the Code
[medium] innerHTML assignment β potential XSS vector: The use ofinnerHTMLcan be a potential cross-site scripting (XSS) vulnerability if untrusted data is inserted into it. However, without more context, it's difficult to determine if this is an issue here. If used for UI rendering with trusted data, this would not be concerning.[info] Makes HTTP requests: This flag indicates that the extension makes external API calls, which is a normal pattern for extensions interacting with services or retrieving data from the internet. The domains it communicates with (listed below) appear to be related to its functionality.[medium] Potential data exfiltration pattern: This flag suggests that the extension might be sending data outside of what's expected for its declared purpose. However, without more information on what data is being sent and where, it's hard to assess the severity.
External Connections
The extension communicates with:cms.ripplesuicideprevention.com: A domain related to the extension's functionality, suggesting a connection to its content management system.api-js.mixpanel.com,mixpanel.com,cdn.mxpnl.com: These domains are associated with Mixpanel, a service used for analytics and user engagement tracking. Their presence is expected given the extension's need to track user interactions.
Things to Consider
Given the extension's purpose and declared permissions, it seems that most of its functionality aligns with what one would expect from an extension providing mental health resources within a browser. However, the potential data exfiltration pattern warrants closer inspection to understand if the extension is sending more data than necessary for its operation. Users might want to review the extension's privacy policy and consider whether the permissions declared are sufficient for its claimed functionality.Similar Extensions
More in Lifestyle/well Being βA browser extension for customizing the videos per row and to fix big thumbnail issue
Protect your privacy and uphold Islamic values by auto detecting & blurring images and videos of unwanted or impermissibβ¦
The Extension provide Vidmate Features and Updates Status.
Rise above the time-sinks