clawsmith.com/idea/extension-runtime-watchdog
Idea | Competitive | browser-extension | security | privacy | Live

A browser extension that monitors installed extensions for ownership transfers, permission scope changes, and suspicious outbound data requests in real time

Chrome extensions are a weaponized attack surface with no end-user runtime defense. Three documented incidents expose the gap: Honey hijacked affiliate cookies for millions of users (MegaLag exposé: 9.4M YouTube views, 4M Chrome users lost); Urban VPN and 7 related extensions silently intercepted 8M users' ChatGPT, Claude, and Gemini conversations and sold them to a data broker via a silent update; QuickLens and ShotBird were purchased by threat actors in Feb 2026 and turned malicious within weeks, stripping CSP headers and injecting remote JS on every page load. The Chrome Web Store review system does not alert existing users when an extension changes ownership or gains new permissions post-install. No consumer-facing tool watches for these events at runtime. This extension sits inside Chrome, monitors every other installed extension for developer/publisher changes, permission manifest diffs, and anomalous outbound network requests (especially to AI conversation endpoints), and surfaces alerts before damage is done.

Demand Breakdown

HN
4,079

Gap Assessment

Competitive: Multiple tools exist but differentiation opportunities remain

3 tools exist (spin.ai, ExtensionTotal, Chrome Web Store (Google)) but gaps remain: Consumer-grade zero-install-friction product does not exist in their model; Post-install runtime behavioral monitoring is out of scope.

Features (3 agent-ready prompts)

Extension ownership change detector that polls Chrome Web Store developer fields and fires an in-browser alert when the publisher of any installed extension changes
Real-time outbound network request analyzer that flags anomalous traffic from installed extensions to unknown endpoints, with specific detection for AI conversation endpoint exfiltration
Permission manifest diff engine that detects when a silent extension update adds new permissions and prompts the user to review or remove before the new permission takes effect
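
A sketch of the permission diff step described in the third feature, as an added example (not Clawsmith's code). It assumes snapshots are arrays of records shaped like `chrome.management.ExtensionInfo`, as returned by `chrome.management.getAll()`; the function names, the severity labels and the sample snapshots are constructed for illustration.

```javascript
// Added example: record shape mirrors chrome.management.ExtensionInfo
// (id, name, version, permissions, hostPermissions). Sample data is constructed.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Return the entries of `next` that are absent from `prev`, de-duplicated.
const added = (prev = [], next = []) => {
  const seen = new Set(prev);
  return [...new Set(next)].filter((p) => !seen.has(p));
};

// Compare two snapshots and report every extension whose API permission
// or host permission set grew between them.
function diffPermissions(before, after) {
  const baseline = new Map(before.map((e) => [e.id, e]));
  const alerts = [];
  for (const ext of after) {
    const old = baseline.get(ext.id);
    if (!old) continue; // new install: no earlier baseline to diff against
    const newPermissions = added(old.permissions, ext.permissions);
    const newHosts = added(old.hostPermissions, ext.hostPermissions);
    if (newPermissions.length === 0 && newHosts.length === 0) continue;
    alerts.push({
      id: ext.id, name: ext.name,
      fromVersion: old.version, toVersion: ext.version,
      newPermissions, newHosts,
      // A broad host pattern grants access to every page the user visits.
      severity: newHosts.some((h) => BROAD_HOSTS.has(h)) ? "high" : "review",
    });
  }
  return alerts;
}

// Constructed snapshots: one extension gains access in an update, one does not.
const SNAPSHOT_BEFORE = [
  { id: "aaaa", name: "Screenshot Tool", version: "1.4.0",
    permissions: ["activeTab", "storage"], hostPermissions: [] },
  { id: "bbbb", name: "Dark Theme", version: "2.0.1",
    permissions: ["storage"], hostPermissions: ["https://example.com/*"] },
];
const SNAPSHOT_AFTER = [
  { id: "aaaa", name: "Screenshot Tool", version: "1.5.0",
    permissions: ["activeTab", "storage", "declarativeNetRequest"],
    hostPermissions: ["<all_urls>"] },
  { id: "bbbb", name: "Dark Theme", version: "2.0.2",
    permissions: ["storage"], hostPermissions: ["https://example.com/*"] },
];

console.log(JSON.stringify(diffPermissions(SNAPSHOT_BEFORE, SNAPSHOT_AFTER), null, 2));
```

The baseline snapshot has to be persisted across browser restarts (for example in `chrome.storage.local`), otherwise an update applied while the watchdog was not running is never compared.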

Competitive Landscape

| Product | Does | Missing |
| --- | --- | --- |
| spin.ai | Enterprise extension risk scoring and management platform. Requires IT admin deployment. Does not provide real-time runtime monitoring of outbound requests from installed extensions. | Consumer-grade zero-install-friction product does not exist in their model |
| ExtensionTotal | Scans Chrome extensions for malicious code patterns before install. Browser-based scanner, not a runtime watchdog. Does not monitor ownership transfers or live outbound traffic after install. | Post-install runtime behavioral monitoring is out of scope |
| Chrome Web Store (Google) | Reviews extensions before publish but does not re-review after ownership transfers or silent JS updates. No user-facing alert system for post-install permission changes. | The system gap is structural with no consumer-facing runtime watchdog for existing installs |

Leads (1000)

@extesy
@takira
@ben_s
@jadyoyster
@miladyincontrol
@SoftTalker
@fylo
@Retr0id
1000 people already want this
