If you discover a security vulnerability in crx-forensics, please report it privately to: jz8root@proton.me

Do not file a public issue. I will respond within 7 days.

This tool performs static analysis only — it does not execute extension code, connect to external services, or modify the analyzed files.

If you find a way to cause code execution through a crafted .crx input, that is a critical vulnerability and should be reported immediately.