Enterprise-grade security scoring for Chrome extensions, VS Code plugins, npm packages, and MCP servers. The same depth of risk analysis that leading security teams run — delivered in seconds, not weeks.
Example scan result — every tool gets a full breakdown like this
Tools Scanned
Scanner Engines
Avg Score
To Start
Paste a Chrome extension ID, VS Code extension, npm package name, or MCP server
Try: · ·
Every tool is evaluated across four dimensions, combined into a single 0–10 risk score
How much access does this tool request — and does it need it?
Is the developer verified, established, and transparent?
Where does your data go, and is it encrypted in transit?
Does it have a privacy policy, terms, and proper disclosures?
Whatever tools your stack depends on, we can analyze them
Analyze permissions, data access, and developer trust signals
Manifest V2 & V3Inspect marketplace extensions for risky capabilities
Full API auditAudit install scripts, dependencies, and maintainer signals
Deep dependency scanEvaluate Model Context Protocol tools and transport security
Transport analysisThree steps, under 30 seconds
Chrome extension ID, VS Code plugin name, npm package, or MCP server — just paste it in.
Permissions, data flows, developer history, privacy policies — all examined automatically.
A 0–10 composite score with full breakdown, risk flags, and actionable insights.
From solo developers to enterprise security teams
Vet extensions and packages before installing. Get a quick risk read on anything you add to your stack.
Free — 3 scans/dayMonitor your org's approved tool list. Track score changes over time. API access for automation.
Pro — $8/moTeam dashboards, shared watchlists, and CI/CD integration to block risky tools before they deploy.
Org — $19/moGet an aggregate security score across all your installed Chrome extensions. One number that tells you where you stand — shareable, comparable, actionable.
Get Your Browser ScoreNo credit card required. 3 free scans per day. Upgrade anytime for unlimited scans, monitoring, and API access.
Get notified about new features and security insights