clawsmith.com/idea/audit-installed-extensions-for-affiliate-link-hijacking
Idea · Competitive · browser-extension · affiliate · security · Live

A browser extension that audits installed extensions for affiliate link hijacking, silent commission theft, and checkout-time code injection

PayPal's Honey extension, installed by 17M+ users, was exposed in December 2024 for silently replacing content creators' affiliate links at checkout, diverting commissions to PayPal instead. MegaLag's exposé reached 6M views in two days, triggered class-action lawsuits and 4M Chrome uninstalls, and forced Google to update its Chrome Web Store affiliate policies. No user-facing tool exists that monitors which installed extensions are touching affiliate links, injecting code at checkout, or replacing commission tokens in purchase flows. This extension installs alongside existing tools and surfaces any extension that intercepts or rewrites affiliate parameters before checkout completes.

Demand Breakdown

HN: 2,831

Gap Assessment

Competitive: Multiple tools exist but differentiation opportunities remain

4 tools exist (Honey (PayPal), Privacy Badger (EFF), Chrome Extension Source Viewer, CRXcavator), but gaps remain. Honey was the offender, not the solution: it gave users no transparency into its own affiliate tag replacement behavior, no audit layer, and no disclosure of which commissions it diverted. Privacy Badger is focused on tracker blocking, not affiliate parameter auditing or checkout-time code injection detection, and does not surface which extensions are modifying purchase flows.

Features (2 agent-ready prompts)

Runtime extension behavior scanner that monitors network requests and DOM rewrites during checkout to detect affiliate tag replacement
Installed extension trust audit that scores each extension by permission fingerprint and known-malicious behavior patterns from a community-maintained blocklist
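The two feature prompts above name the detection logic without showing it. The following is an added example in plain Node.js, not code from this page or from any product it lists, that implements both pieces: a navigation-chain scan that reports when the affiliate identity carried by the link the user clicked is replaced, stripped or injected on the merchant host, and a permission-fingerprint score for an extension manifest. The affiliate parameter names, the permission weights, the sample navigation chain and the sample manifest are all assumptions constructed for this example; the navigation records are shaped like what chrome.webNavigation.onCommitted reports, but nothing here calls a browser API, so it runs offline.

```javascript
// Added example (not from the Clawsmith page or any product it describes).
// Assumed set of query parameters that carry affiliate identity. A real
// scanner would keep a per-merchant list; this one is illustrative only.
const AFFILIATE_PARAMS = new Set([
  'tag', 'ref', 'affid', 'aff_id', 'affiliate', 'irclickid',
  'clickid', 'cjevent', 'awc', 'utm_source', 'utm_campaign',
]);

// Extract {param: value} for every affiliate parameter present on a URL.
function affiliateIdentity(url) {
  const id = {};
  for (const [name, value] of new URL(url).searchParams) {
    if (AFFILIATE_PARAMS.has(name)) id[name] = value;
  }
  return id;
}

// Compare the identity on the link the user clicked with the identity seen
// later in the same tab. One finding per parameter that was replaced,
// stripped or injected; an empty array means nothing was touched.
function diffAffiliateIdentity(clickedUrl, observedUrl) {
  const before = affiliateIdentity(clickedUrl);
  const after = affiliateIdentity(observedUrl);
  const findings = [];
  for (const name of new Set([...Object.keys(before), ...Object.keys(after)])) {
    if (name in before && name in after && before[name] !== after[name]) {
      findings.push({ kind: 'replaced', param: name, from: before[name], to: after[name] });
    } else if (name in before && !(name in after)) {
      findings.push({ kind: 'stripped', param: name, from: before[name] });
    } else if (!(name in before)) {
      findings.push({ kind: 'injected', param: name, to: after[name] });
    }
  }
  return findings;
}

// Walk a tab's navigation chain. Records mirror chrome.webNavigation.onCommitted
// (url, transitionType, transitionQualifiers). The first navigation carrying
// affiliate identity is the baseline; any later navigation on the same host
// that changes it is an alert. A 'client_redirect' qualifier marks a
// script-driven navigation, which is how an injected content script would do it.
function scanNavigationChain(events) {
  let baseline = null;
  const alerts = [];
  for (const ev of events) {
    const host = new URL(ev.url).hostname;
    if (baseline === null) {
      if (Object.keys(affiliateIdentity(ev.url)).length > 0) baseline = { url: ev.url, host };
      continue;
    }
    if (host !== baseline.host) continue; // left the merchant; stop comparing
    const findings = diffAffiliateIdentity(baseline.url, ev.url);
    if (findings.length > 0) {
      alerts.push({
        url: ev.url,
        scriptDriven: (ev.transitionQualifiers || []).includes('client_redirect'),
        findings,
      });
    }
  }
  return alerts;
}

// Assumed weights for the permission fingerprint; this example's heuristic,
// not a published scoring scheme. The combination that can rewrite requests
// and run code on every page is what affiliate hijacking needs.
const PERMISSION_WEIGHTS = {
  webRequest: 2, webRequestBlocking: 3, declarativeNetRequest: 2,
  scripting: 2, cookies: 2, tabs: 1, '<all_urls>': 3,
};

function permissionFingerprintScore(manifest) {
  const granted = new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ]);
  const hits = [...granted].filter((p) => p in PERMISSION_WEIGHTS).sort();
  const score = hits.reduce((sum, p) => sum + PERMISSION_WEIGHTS[p], 0);
  const canRewriteCheckout =
    (granted.has('webRequestBlocking') || granted.has('declarativeNetRequest') || granted.has('scripting'))
    && granted.has('<all_urls>');
  return { score, hits, canRewriteCheckout };
}

// Constructed sample: a creator link lands on the merchant, then a script-driven
// navigation at checkout swaps the creator's tag and adds its own ref.
const SAMPLE_CHAIN = [
  { url: 'https://creator.example.test/go/headphones', transitionType: 'link', transitionQualifiers: [] },
  { url: 'https://shop.example.test/p/123?tag=creator-20', transitionType: 'link', transitionQualifiers: ['server_redirect'] },
  { url: 'https://shop.example.test/checkout?tag=couponext-20&ref=x', transitionType: 'link', transitionQualifiers: ['client_redirect'] },
];

// Constructed sample manifest with the permissions a checkout-rewriting extension would hold.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  permissions: ['webRequest', 'webRequestBlocking', 'scripting', 'tabs'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['inject.js'] }],
};

console.log(JSON.stringify(scanNavigationChain(SAMPLE_CHAIN), null, 2));
console.log(permissionFingerprintScore(SAMPLE_MANIFEST));
```

Run it with node to print one alert (tag replaced, ref injected, script-driven) and a score of 11 with canRewriteCheckout true. In a real extension the chain would be fed per tab from chrome.webNavigation.onCommitted and chrome.webRequest.onBeforeRedirect, and the manifest data from chrome.management.getAll(), which returns each installed extension's permissions and hostPermissions. One caveat a practitioner will hit immediately: an extension cannot see another extension's content scripts, so a DOM rewrite or client redirect can be detected and timed, but attributing it to one specific installed extension is inference (for example, correlating the finding with which extensions hold the permissions to do it), not proof.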

Competitive Landscape

Product: Honey (PayPal)
Does: Coupon-finding browser extension that inserts itself at checkout to apply discount codes. Used by 17M+ users across Chrome, Firefox, Edge.
Missing: Honey was the offender, not the solution. It gave users no transparency into its own affiliate tag replacement behavior. No audit layer, no disclosure of which commissions it diverted.

Product: Privacy Badger (EFF)
Does: Blocks trackers based on behavioral detection. Open-source, maintained by EFF.
Missing: Focused on tracker blocking, not affiliate parameter auditing or checkout-time code injection detection. Does not surface which extensions are modifying purchase flows.

Product: Chrome Extension Source Viewer
Does: Lets developers view the source code of installed Chrome extensions from the Web Store listing page.
Missing: Developer tool only. Requires manual code reading to detect affiliate hijacking. No runtime behavioral monitoring, no plain-language alerts for non-technical users.

Product: CRXcavator
Does: Static risk scoring for Chrome extensions based on permissions, code patterns, and known malicious indicators.
Missing: Static analysis only, not runtime behavioral. Does not detect runtime affiliate link replacement because it never executes the extension at checkout. Not consumer-facing.

Leads (28)

@extesy
@tantalor
@jadyoyster
@timshel4
@ilikeboobs
@sitharus
@toomuchtodo
@kelseydh
28 people already want this
