Frequently Asked Questions

Everything you need to know about RiskyPlugins

General Questions

What is RiskyPlugins?

RiskyPlugins is a comprehensive security platform that analyzes browser extensions, VS Code extensions, and Microsoft 365 applications for security risks. We provide risk scores, detailed security assessments, and actionable insights to help organizations and users make informed decisions about which extensions to install and use.

Our platform uses advanced security research, machine learning models, and sophisticated threat detection to identify potential security issues such as malware, data access violations, permission abuse, and dependency vulnerabilities.

How does risk scoring work?

Our risk scoring system analyzes extensions across multiple dimensions to provide a comprehensive security assessment (0-100 scale, where lower scores indicate lower risk):

  • Malware Detection: Scanning for known malware signatures and suspicious code patterns
  • Permission Analysis: Evaluating whether requested permissions are appropriate for the extension’s functionality
  • Dependency Security: Checking third-party libraries and dependencies for known vulnerabilities
  • Code Quality: Assessing coding practices, obfuscation, and potential security weaknesses
  • Developer Reputation: Evaluating the extension developer’s history and trustworthiness
  • User Feedback: Analyzing user reports, ratings, and security incident history

The final score includes confidence weighting and false positive mitigation to provide accurate, actionable results.

What platforms and marketplaces do you support?

RiskyPlugins supports major extension and application marketplaces including:

  • Browser Extensions: Chrome Web Store, Firefox Add-ons, Edge Add-ons
  • Code Editor Extensions: Visual Studio Code Marketplace
  • Office Applications: Microsoft 365 AppSource
  • Other Platforms: We’re continuously expanding support for additional marketplaces

Each marketplace has specific security considerations and extension formats that our specialized analysis engine handles appropriately.

How often do you update your analysis?

Our analysis runs continuously and updates in several ways:

  • Real-time Monitoring: New extensions are analyzed as they appear in marketplaces
  • Regular Updates: Existing extensions are re-analyzed periodically (typically weekly) for new security findings
  • Threat Intelligence Updates: We incorporate new malware signatures and security intelligence as soon as available
  • User-Requested Analysis: Users can trigger on-demand analysis of specific extensions
  • Automatic Alerts: Our system notifies users of significant security changes in installed extensions

This ensures you always have the most current security information available.

Pricing & Plans

What pricing plans do you offer?

We offer several pricing tiers to meet different needs:

  • Free Tier: Basic extension searches and risk assessments for individual users
  • Professional: Advanced features, API access, and bulk analysis for teams and small organizations
  • Enterprise: Custom solutions, dedicated support, and advanced integrations for large organizations

All plans include our core risk assessment technology. Higher tiers provide additional features like API access, custom security policies, detailed reporting, and priority support. Visit our pricing page or contact [email protected] for detailed information.

Do you offer discounts for educational institutions?

Yes! We offer significant discounts for:

  • Educational Institutions: Schools, colleges, and universities
  • Non-Profit Organizations: Registered charities and non-profit entities
  • Research Organizations: Academic and security research groups
  • Open Source Projects: Projects that provide public benefit

Contact us at [email protected] with your organization details and we’ll be happy to discuss special pricing options.

Is there a free trial available?

Yes, we offer a free trial for our Professional plan that includes:

  • Full access to all premium features
  • API access with generous usage limits
  • Bulk extension analysis capabilities
  • Advanced reporting and export options
  • Priority support during the trial period

The trial allows you to evaluate our platform’s capabilities with no obligation. Visit our website to start your free trial today.

What payment methods do you accept?

We accept various payment methods for your convenience:

  • Credit/Debit Cards: Visa, Mastercard, American Express
  • Bank Transfers: For enterprise customers and annual billing
  • Purchase Orders: Available for qualified enterprise customers
  • Digital Wallets: PayPal and other popular digital payment methods

All transactions are processed securely through PCI-compliant payment processors.

Technical & API

Do you provide API access?

Yes, we offer comprehensive API access for Professional and Enterprise customers:

  • REST API: Full RESTful API for programmatic access to all platform features
  • Webhooks: Real-time notifications for security events and analysis results
  • Bulk Operations: Efficient processing of large extension datasets
  • SDKs: Official SDKs for popular programming languages (JavaScript, Python, Go)
  • Documentation: Comprehensive API documentation with examples and best practices

API access allows you to integrate RiskyPlugins into your existing security workflows, CI/CD pipelines, and internal security tools.

What integrations do you support?

We offer integrations with popular security and development tools:

  • SIEM Systems: Export security findings to your SIEM platform
  • DevOps Tools: Integrate with CI/CD pipelines and deployment workflows
  • Security Platforms: Connect with vulnerability management and security orchestration tools
  • Collaboration Tools: Notifications and alerts in Slack, Microsoft Teams, etc.
  • Custom Integrations: Webhooks and APIs for building custom integrations

Enterprise customers can work with our team to develop custom integrations for their specific needs.

How accurate is your malware detection?

Our malware detection system combines multiple approaches for high accuracy:

  • YARA Rules: Over 10,000 specialized YARA rules for extension malware detection
  • Machine Learning: Advanced ML models trained on millions of extension samples
  • Static Analysis: Deep code analysis for suspicious patterns and behaviors
  • Behavioral Analysis: Understanding extension functionality and potential risks

We maintain a high detection rate while minimizing false positives through our confidence-weighted scoring system. Our research team continuously updates detection methodologies as new threats emerge.

Security & Privacy

How do you protect my data and privacy?

We take data protection and privacy seriously:

  • Encryption: All data is encrypted in transit and at rest using industry-standard encryption
  • Privacy-First Design: We collect only necessary data and minimize personal information
  • Compliance: Full compliance with the New Zealand Privacy Act 2020 and international data protection standards
  • Access Controls: Strict role-based access and regular security audits
  • Data Minimization: We anonymize and aggregate data whenever possible

Our Privacy Policy provides detailed information about our data practices and your rights.

Do you analyze extensions offline or online?

We use a hybrid approach for optimal security and privacy:

  • Offline Analysis: Most analysis occurs in our secure, isolated environments without internet access
  • Secure Sandboxes: Extensions run in controlled environments with no access to external systems
  • No Execution on User Systems: We never install or run extensions on our users’ systems
  • Metadata Analysis: Initial analysis often uses publicly available marketplace metadata
  • Controlled Network Access: Any necessary network access is strictly monitored and limited

This approach ensures comprehensive analysis while maintaining security and privacy.

What happens if you find malware in an extension?

When we detect malicious extensions, we follow responsible disclosure practices:

  • User Alerts: Immediate notification to affected users in our system
  • Marketplace Reporting: Report to relevant extension marketplaces (Google, Mozilla, Microsoft)
  • Community Notification: Share anonymized threat intelligence with the security community
  • Detailed Analysis: Provide comprehensive security reports for our customers
  • Remediation Guidance: Offer advice on removal and safer alternatives

We work closely with security researchers and marketplace operators to ensure rapid response to emerging threats.

Support & Documentation

What kind of support do you offer?

We provide comprehensive support based on your plan:

  • Free Tier: Community support through forums and documentation
  • Professional: Email support with 48-hour response time and access to knowledge base
  • Enterprise: Priority email/phone support, dedicated account manager, and custom SLAs

All customers have access to:

  • Comprehensive documentation and API guides
  • Video tutorials and best practices
  • Community forums and user discussions
  • Regular webinars and training sessions
  • Security research updates and threat intelligence reports

Where can I find documentation?

We provide extensive documentation resources:

  • API Documentation: Complete API reference with examples and code samples
  • Getting Started Guide: Step-by-step tutorials for new users
  • Best Practices: Security recommendations and implementation guides
  • Integration Guides: Detailed instructions for popular tools and platforms
  • Security Methodology: Technical details about our risk assessment approach
  • FAQ Section: Regularly updated answers to common questions

Visit our documentation portal at docs.riskyplugins.com for all available resources.

Can I request features or report issues?

Absolutely! We welcome feedback and feature requests:

  • Feature Requests: Submit ideas through our customer portal or email [email protected]
  • Bug Reports: Report technical issues to [email protected] with details
  • Security Issues: Report security vulnerabilities to [email protected] for responsible disclosure
  • Community Forum: Discuss ideas with other users and our team
  • User Advisory Council: Enterprise customers can join our advisory council for direct input on the product roadmap

User feedback helps us improve and prioritize features that matter most to our community.

Business & Enterprise

Do you offer enterprise solutions?

Yes, we provide comprehensive enterprise solutions including:

  • Custom Deployments: On-premises or private cloud installations
  • Custom Security Policies: Tailored risk assessment criteria for your organization
  • Advanced Integrations: Custom integrations with your existing security infrastructure
  • Training & Consulting: Expert guidance on implementing extension security programs
  • Dedicated Support: 24/7 technical support and dedicated account management
  • Compliance Reporting: Detailed reports for regulatory compliance and audit requirements

Contact our enterprise team at [email protected] to discuss your specific requirements.

Can you analyze internal/private extensions?

Yes, Enterprise customers can analyze private extensions:

  • Secure Upload: Encrypted upload mechanisms for internal extensions
  • Private Analysis: Isolated analysis environments for proprietary code
  • Custom Scoring: Risk criteria tailored to your organization’s security requirements
  • Integration: Connect with internal extension management systems
  • Batch Processing: Efficient analysis of large extension portfolios

This helps organizations secure their internal extension ecosystem and custom-developed tools.

How do you handle enterprise compliance requirements?

We support various enterprise compliance needs:

  • Audit Trails: Comprehensive logging of all activities and analysis results
  • Data Residency: Options for data storage in specific geographic regions
  • SOC 2 Compliance: Regular third-party security audits and certifications
  • Access Controls: Granular permissions and role-based access management
  • Encryption Standards: Industry-standard encryption for data protection
  • Regulatory Support: Assistance with GDPR, HIPAA, and other compliance frameworks

Our enterprise features are designed to meet the strict security and compliance requirements of large organizations.


Still have questions? Contact our support team at [email protected] or visit our comprehensive documentation at docs.riskyplugins.com.