The Influenbase extention is designed to streamline the entire influencer marketing process on TikTok, enabling businesses to easily connect with the right influencers and manage them effectively. Users can analyze product information with a single click using a product link to find relevant influencers, or manually provide product name and description. Additionally, advanced filters such as influencer location, number of followers, engagement rate, and GMV can be used to find the best-matching influencers. To enhance outreach efficiency, the extension supports both bulk email and bulk direct messaging. It also includes an influencer follow-up system that monitors for responses within a specified timeframe and uses AI to send automated replies. These features empower businesses to leverage TikTok influencer marketing effectively, making the process more accessible, efficient, and results-driven.
Flags items that declare overly broad host access patterns, enabling interaction with all websites. This level of access can be exploited to inject scripts into trusted sites and increases the risk of sensitive data exposure, cross-site surveillance, and credential harvesting.
Flags items that request access to user identity or authentication flows. These capabilities may expose session credentials or login behavior, increasing the risk of impersonation, session hijacking, or unauthorized account access.
Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.
AI-powered analysis of the extension's source code for security insights and risk assessment.
The Influenbase Chrome extension is designed to facilitate influencer marketing on TikTok. It provides tools for businesses to connect with influencers, manage communications, and analyze influencer data. The extension supports features like bulk messaging, influencer follow-up, and automated replies using AI.
Side Panel Management: The extension uses chrome.sidePanel.setPanelBehavior to manage the side panel behavior, allowing it to open when the extension icon is clicked.
Authentication: Utilizes chrome.identity.getAuthToken to authenticate users via Google. This involves fetching user information from Google's OAuth2 API:
fetch("https://www.googleapis.com/oauth2/v1/userinfo?alt=json", {
headers: {
Authorization: "Bearer " + token,
},
})
.then((response) => response.json())
.then((userInfo) => {
console.log("User Info:", userInfo);
})
.catch((error) => console.error("Error fetching user info:", error));
Installation Tracking: On installation, the extension logs installation details and stores UTM parameters in chrome.storage.sync.
Tab and Window Management: The extension frequently interacts with browser tabs and windows using chrome.tabs and chrome.windows APIs to open, update, and close tabs based on user actions and extension features.
Messaging and Communication: Implements a robust messaging system using chrome.runtime.onMessage.addListener to handle various tasks like opening history, checking TikTok login status, and managing influencer details.
Network Activity: The extension makes network requests to fetch user information and potentially interact with TikTok URLs for influencer data.
Data Storage and Retrieval: Uses chrome.storage.sync to store and retrieve data such as UTM parameters and channel information.
OAuth Token Handling: The extension handles OAuth tokens, which are sensitive. However, there is no indication of misuse or unauthorized data exfiltration.
Network Requests: The extension makes network requests to Google's API and TikTok URLs. These appear to be legitimate and necessary for the extension's functionality.
Tab and Window Manipulation: The extension frequently manipulates browser tabs and windows, which is typical for its intended functionality but could be leveraged for malicious purposes if not properly controlled.
The code appears to be focused on its stated purpose of enhancing influencer marketing on TikTok. There are no strong indicators of malicious behavior, such as unauthorized data exfiltration or backdoors. The extension's network activity, API usage, and data handling align with its functionality description.
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
Known vulnerabilities and security issues detected in the extension's dependencies and code.
Any identifiers we detected that may indicate external communication from the item's code
Dependencies and third-party libraries used by the extension, including version information and license details.
Compliance status and certifications for the extension and its publisher