Ntko office document control browser plug-in.

Name: Security Analysis: Ntko office document control browser plug-in.
Item: Ntko office document control browser plug-in.
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 800K+ users

📦 v1.8.7

💾 20.07KiB

📅 2025-06-19

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

The ability to use ntko office document controls on browsers.

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v1.8.7 Info Scanned Mar 6, 2026

Security Analysis — Ntko office document control browser plug-in.

Analyzed v1.8.7 · Mar 6, 2026 · 2 JS files · 11 KB scanned

Permissions

Code Patterns Detected

Package Contents 8 files · 27KB

▾📁_locales

▾📁en_US

{}messages.json220B

▾📁zh_CN

{}messages.json202B

▾📁_metadata2KB

{}verified_contents.json2KB

▾📁background11KB

📜background.js10KB

📜ntko-background.js1KB

▾📁icons11KB

🖼ntko.png11KB

▾📁metadata2KB

{}verified_contents.json2KB

{}manifest.json905B

What This Extension Does

The Ntko office document control browser plug-in allows users to use ntko office document controls on their browsers, enhancing productivity for developers. However, it has some concerning permissions and behaviors that need attention.

Permissions Explained

nativeMessagingcheck this: This permission lets the extension communicate with native applications on your device.
Technical: The extension uses nativeMessaging to access Chrome's native messaging API, which allows it to interact with system-level processes. This poses a critical risk if compromised, as it could lead to unauthorized system modifications or data exfiltration. ⚠ 1
tabsexpected: This permission lets the extension access and manipulate browser tabs.
Technical: The extension uses the tabs API to read and modify tab metadata, which could be used for malicious purposes such as tab hijacking or data theft. However, this is a medium-risk concern as it's primarily used for legitimate functionality.
cookiescheck this: This permission lets the extension read and write cookies on your device.
Technical: The extension uses the cookies API to access and modify browser cookies, which could be used for malicious purposes such as session hijacking or tracking. This is a high-risk concern due to the sensitive nature of cookie data. ⚠ 1
http://*/check this: This permission lets the extension access and manipulate HTTP requests on your device.
Technical: The extension uses the http API to intercept and modify HTTP requests, which could be used for malicious purposes such as data tampering or man-in-the-middle attacks. This is a high-risk concern due to the potential for data exfiltration. ⚠ 1
https://*/check this: This permission lets the extension access and manipulate HTTPS requests on your device.
Technical: The extension uses the https API to intercept and modify HTTPS requests, which could be used for malicious purposes such as data tampering or man-in-the-middle attacks. This is a high-risk concern due to the potential for data exfiltration. ⚠ 1

Your Data

The extension accesses browser cookies and uses nativeMessaging to communicate with system-level processes, potentially exposing sensitive user data. It also sends requests to http://*/ and https://*/ domains.

Technical Details

The extension contacts the following domains: http://*/ and https://*/. It uses the cookies API to access and modify browser cookies, which could be used for malicious purposes such as session hijacking or tracking. The nativeMessaging API is used to interact with system-level processes, posing a critical risk if compromised.

Code Findings

Native Messaging AccessCritical

This extension has access to your device's native messaging system, which could be used for malicious purposes.

Technical: The extension uses the nativeMessaging API to interact with system-level processes, potentially allowing unauthorized data exfiltration or system modifications.

💡 Legitimate extensions may use nativeMessaging for legitimate purposes such as integrating with system-level services.

Cookie AccessHigh

This extension has access to your browser cookies, which could be used for malicious purposes such as session hijacking or tracking.

Technical: The extension uses the cookies API to read and modify browser cookies, potentially allowing unauthorized data theft or manipulation.

💡 Legitimate extensions may use cookie access for legitimate purposes such as authentication or personalization.

HTTP Request InterceptionHigh

This extension has the ability to intercept and modify HTTP requests on your device, which could be used for malicious purposes such as data tampering or man-in-the-middle attacks.

Technical: The extension uses the http API to intercept and modify HTTP requests, potentially allowing unauthorized data exfiltration or manipulation.

💡 Legitimate extensions may use HTTP request interception for legitimate purposes such as caching or content filtering.

Event ListenersInfo

This extension sets up event listeners to monitor browser activity, which is a common practice for legitimate extensions.

Technical: The extension uses the addEventListener method to set up event listeners on various browser events, such as page loads and navigation.

💡 Legitimate extensions often use event listeners to respond to user interactions or browser events.

Bottom Line

This extension has concerning permissions and behaviors that need attention. Users should exercise caution when installing this extension, especially considering its access to sensitive data such as cookies and nativeMessaging. We recommend users carefully review the extension's functionality and permissions before installation.