Extension Auditor
Extension Auditor
Sign Up
种草星球,TikTok批量建联,达人建联,达人管理,自动提报

种草星球,TikTok批量建联,达人建联,达人管理,自动提报

ID: iboifdppdpoccffklnjmompfeijifjna

Supported Languages

🇨🇳Chinese (Simplified)

Extension Info & Metadata

Status
Active
Version
3.0.1
Size
2.91 MB
Rating
0.0/5
Reviews
0
Users
4
Type
Extension
Updated
Jun 10, 2026
Category
Productivity Tools
Price
Paid
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
Yes
Download CRX
Chrome Web Store
Report Issue

Publisher Contextual Analysis

Trusted
Author
https://www.zcxq.com/View Profile
Privacy
Privacy Policy
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
No
Mailbox exists
Yes
Website
Visit
Total Extensions
1
Active
1
Obsolete
0
Listed
1
Unlisted
0
Total Users
4
Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4

邀约达人、批量报团、样品管理、数据分析等商家店铺运营神器,种草星球-让卖货更高效

电商运营管理神器,实现达人直播视频带货高效对接达人,批量提报团长,帮助商家高效的完成商品推广销售。

Item
Type
Severity
Description
declarativeNetRequest
Permission
Critical
This permission allows the extension to define rules to block, redirect, or modify network requests. Rated Critical because it can control all network traffic, potentially blocking security updates or redirecting to malicious sites.
https://buyin.jinritemai.com/*
Host
Medium
Host permission — access limited to this URL pattern.
https://www.douyin.com/*
Host
Medium
Host permission — access limited to this URL pattern.

This declarativeNetRequest rule matches ALL HTTPS URLs (urlFilter '|https*') — far beyond the extension's declared host_permissions of buyin.jinritemai.com and douyin.com — and overwrites the Content-Security-Policy response header with a single space character, effectively disabling CSP for every website visited in the browser. Stripping CSP globally removes XSS and injection protections from sites that rely on it, a technique used by malicious extensions to enable code injection attacks on banking, email, and other sensitive sites. There is no legitimate justification for an e-commerce operations extension to disable Content Security Policy browser-wide.

js/rules.json (Line 1)
[  {    "id": 1,    "priority": 1,    "condition": {      "urlFilter": "|https*",      "resourceTypes": [        "csp_report",        "font",        "image",        "main_frame",        "media",        "object",        "other",        "ping",        "script",        "stylesheet",        "sub_frame",        "webbundle",        "websocket",        "webtransport",        "xmlhttprequest"      ]    },    "action": {      "type": "modifyHeaders",      "responseHeaders": [        {          "header": "Content-Security-Policy",          "operation": "set",          "value": " "        }      ]    }  }]

By severity

Critical1
High0
Medium0
Low0

Versions scanned

None of the 3 scanned versions have more than one unique code-review finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
No versions with multiple unique findings.

Files with findings

1 distinct path — top paths by unique finding count:

  • js/rules.json1
S.No.
Category
Severity
File
Summary
Found in Version
1Network Interception
critical
js/rules.json (line 1)This declarativeNetRequest rule matches ALL HTTPS URLs (urlFilter '|https*') — far beyond the extension's declared host_permissions of buyin.jinritemai.com and douyin.com — and overwrites the Content-Security-Policy r…
3.0.1
URLs
331
IPv4
2
IPv6
1

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
www.w3.org/1999/02/22-rdf-syntax-nshttp://www.w3.org/1999/02/22-rdf-syntax-ns#
ns.adobe.com/xap/1.0/http://ns.adobe.com/xap/1.0/
ns.adobe.com/xap/1.0/mm/http://ns.adobe.com/xap/1.0/mm/
ns.adobe.com/xap/1.0/sType/ResourceRefhttp://ns.adobe.com/xap/1.0/sType/ResourceRef#
github.com/lzxb/flex.csshttps://github.com/lzxb/flex.css
pl.kuailecx.cn/resource/340/img/agent-bg.pnghttps://pl.kuailecx.cn/resource/340/img/agent-bg.png
pl.kuailecx.cn/resource/340/img/agent-btn-bg.pnghttps://pl.kuailecx.cn/resource/340/img/agent-btn-bg.png
pl.kuailecx.cn/resource/340/img/p1-rank.pnghttps://pl.kuailecx.cn/resource/340/img/p1-rank.png
127.0.0.1/dist/js/chunk-vendors.jshttp://127.0.0.1:5500/dist/js/chunk-vendors.js
127.0.0.1/dist/js/content.jshttp://127.0.0.1:5500/dist/js/content.js
Showing 1 to 10 of 340 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
127.0.0.1
IPv4
-
1.2.3.4
IPv4
-
1:2:3:4:5:6:7:8
IPv6
-
Showing 1 to 3 of 10 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In