extension-review

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Extension Review (Pre-Submission Scanner)

扩展程序审核（提交前扫描工具）

Scan extension source code and predict Chrome Web Store rejection risks. Generate a clear report.

Reference: https://developer.chrome.com/docs/webstore/troubleshooting

扫描扩展程序源代码，预测Chrome网上应用店的拒绝风险，生成清晰的报告。

参考文档：https://developer.chrome.com/docs/webstore/troubleshooting

Workflow (Execute This)

工作流程（执行步骤）

Step 1: Ask report format

步骤1：询问报告格式

Ask user: Markdown or HTML report? (default: Markdown)

询问用户：报告格式选择Markdown还是HTML？（默认：Markdown）

Step 2: Locate and scan extension

步骤2：定位并扫描扩展程序

bash

undefined

bash

undefined

Find extension root

查找扩展程序根目录

ls manifest.json wxt.config.ts plasmo.config.ts package.json 2>/dev/null

undefined

ls manifest.json wxt.config.ts plasmo.config.ts package.json 2>/dev/null

undefined

Step 3: Run all checks

步骤3：运行所有检查项

Execute these scans in order (see

references/scan-checklist.md

for grep patterns):

#	Check	Violation Code	Severity
1	Remote code execution (eval, external scripts)	Blue Argon	CRITICAL
2	Code obfuscation (base64, char encoding)	Red Titanium	CRITICAL
3	Excessive/unused permissions	Purple Potassium	HIGH
4	Missing privacy policy	Purple Lithium	HIGH
5	Missing metadata (icons, description, screenshots)	Yellow Zinc	HIGH
6	Single purpose violation	Red Magnesium	HIGH
7	Deceptive behavior (description ≠ functionality)	Red Nickel	HIGH
8	Insecure data transmission (HTTP)	Purple Copper	HIGH
9	Keyword stuffing in manifest	Yellow Argon	MEDIUM
10	Minimum functionality check	Yellow Potassium	MEDIUM
11	Undisclosed affiliate links	Grey Titanium	MEDIUM
12	Cryptocurrency mining code	Grey Silicon	CRITICAL
13	Copyright circumvention (download helpers)	Blue Zinc	CRITICAL
14	Notification spam patterns	Yellow Nickel	MEDIUM
15	Data collection without consent	Purple Nickel	HIGH

按顺序执行以下扫描（扫描规则见

references/scan-checklist.md

中的grep匹配模式）：

序号	检查项	违规代码	严重程度
1	远程代码执行（eval、外部脚本）	Blue Argon	CRITICAL
2	代码混淆（base64、字符编码）	Red Titanium	CRITICAL
3	权限过度/未使用权限	Purple Potassium	HIGH
4	缺失隐私政策	Purple Lithium	HIGH
5	缺失元数据（图标、描述、截图）	Yellow Zinc	HIGH
6	违反单一用途规则	Red Magnesium	HIGH
7	欺骗性行为（描述与功能不符）	Red Nickel	HIGH
8	不安全的数据传输（HTTP）	Purple Copper	HIGH
9	清单文件中关键词堆砌	Yellow Argon	MEDIUM
10	最低功能检查	Yellow Potassium	MEDIUM
11	未披露的联盟链接	Grey Titanium	MEDIUM
12	加密货币挖矿代码	Grey Silicon	CRITICAL
13	规避版权（下载辅助工具）	Blue Zinc	CRITICAL
14	通知垃圾信息模式	Yellow Nickel	MEDIUM
15	未经同意收集数据	Purple Nickel	HIGH

Step 4: Generate report

步骤4：生成报告

Output report using template in

references/report-template.md

Report structure per issue:

undefined

使用

references/report-template.md

中的模板输出报告。

每个问题的报告结构：

undefined

Issue: [Name]

问题：[问题名称]

Severity: CRITICAL / HIGH / MEDIUM
Violation Code: [Chrome code, e.g. Blue Argon]
Root Cause: [What in your code triggers this]
File(s): [Exact file paths and line numbers]
Solution: [Step-by-step fix]


**Report summary:**

Severity	Count
CRITICAL	X
HIGH	X
MEDIUM	X
PASS	X

Verdict: LIKELY APPROVED / NEEDS FIXES / WILL BE REJECTED

undefined

严重程度：CRITICAL / HIGH / MEDIUM
违规代码：[Chrome官方代码，例如Blue Argon]
根本原因：[代码中触发该问题的内容]
涉及文件：[具体文件路径及行号]
解决方案：[分步修复指南]


**报告摘要：**

严重程度	数量
CRITICAL	X
HIGH	X
MEDIUM	X
PASS	X

结论：大概率通过审核 / 需要修复问题 / 将会被拒绝

undefined

Step 5: Save report

步骤5：保存报告

Markdown: save as
```
extension-review-report.md
```
in project root
HTML: save as
```
extension-review-report.html
```
with simple, readable styling

Markdown格式：保存到项目根目录，命名为
```
extension-review-report.md
```
HTML格式：保存为
```
extension-review-report.html
```
，采用简洁易读的样式

References

参考资料

```
references/scan-checklist.md
```
— Grep patterns and detection logic for all 15 checks
```
references/violation-codes.md
```
— All Chrome Web Store violation codes with descriptions
```
references/report-template.md
```
— Markdown and HTML report templates

```
references/scan-checklist.md
```
— 15项检查的grep匹配模式及检测逻辑
```
references/violation-codes.md
```
— 所有Chrome网上应用店违规代码及说明
```
references/report-template.md
```
— Markdown和HTML报告模板