modcore Inspect

What is modcore Inspect?

modcore Inspect is your proactive security scanner within modcore Extension Manager. It analyzes your installed extensions against an up-to-date database of known conflicts, deprecated extensions, and security risks - helping you identify problems before they cause browser crashes, performance issues, or security vulnerabilities.

Unlike passive security features, Inspect actively compares your extensions against a curated knowledge base maintained by modcore. It detects when you have multiple extensions fighting for control of the same web page features, flags extensions that are no longer maintained or have known security flaws, and identifies specific combinations that are known to cause problems.

Getting Started

When you first open Inspect, you'll see an introduction screen explaining the feature. Click Start Scan to begin your first analysis. The scan typically completes within seconds, examining all your installed extensions against the current database.

After the initial scan, Inspect remembers your results and displays them immediately when you return - provided the data is less than 24 hours old. After that window expires, you'll need to run a fresh scan to get current results.

Understanding Your Scan Results

Inspect organizes findings into clear categories:

Conflicting Extensions are groups of two or more active extensions that interfere with each other. Common examples include multiple ad blockers, overlapping privacy tools, or extensions that modify the same website elements. Each conflict shows:

• The specific group name (like "Ad Blockers" or "VPN Extensions")

• A description of why these extensions conflict

• The risk level (Critical, High, Medium, or Low)

• A recommended action explaining which to keep or how to resolve the conflict

• Every conflicting extension in the group with version and ID information

Deprecated or Risky Extensions are individual extensions flagged for security or maintenance concerns. These might be abandoned by their developers, removed from the Chrome Web Store, or have known vulnerabilities. Each entry includes:

• The specific reason for the flag (outdated, unmaintained, security risk, etc.)

• The security risk level

• Recommended alternatives when available - direct links to safer extensions that provide similar functionality

Ignored Extensions appear in a separate section showing extensions you've chosen to exclude from future scans. This is useful for advanced users who understand a particular conflict but want to keep the extensions anyway.

Taking Action on Issues

For every problematic extension, you have several options:

Disable immediately turns off an extension without uninstalling it. This is the fastest way to resolve conflicts - Inspect keeps the first extension in each conflict group active and offers to disable the others.

Ignore removes an extension from future scan results. Use this when you understand a warning but choose to accept the risk anyway. Ignored extensions move to their own section and won't appear in conflict or deprecated lists again unless you un-ignore them.

Details opens the extension's Chrome settings page for deeper investigation - viewing permissions, site access, or uninstalling completely.

Fix All is a powerful one-click solution that appears when you have multiple issues. It automatically disables all conflicting extensions except the first in each group, and disables all deprecated extensions. Inspect shows you a summary of exactly what will be changed before confirming, and you can always re-enable extensions manually later if needed.

Managing Your Scan Data

Refresh Data fetches the latest conflict database from modcore's servers and re-scans your extensions. Use this when you install new extensions, enable previously disabled ones, or just want the most current security information.

Scan History tracks your recent analyses. Click the timestamp in the header (showing "Last scanned: [date]") to see a popover of your last five scans, including how many conflicts and deprecated extensions were found each time. This helps you spot trends - like if conflicts keep appearing after you thought you fixed them.

Settings let you customize Inspect's behavior:

• Auto-scan on open: Automatically runs a fresh scan when you open Inspect if your cached data has expired

• Show resolved issues: Keeps fixed issues visible in your history for reference

• Cache duration: Adjust how long results remain valid (6, 12, 24, or 48 hours)

• Clear all data: Removes all scan history, cached conflict data, and ignored extensions list

Understanding Risk Levels

Every issue is color-coded by severity:

Critical (red) indicates severe conflicts or security risks that could compromise your browser stability or data safety. These demand immediate attention.

High (orange) represents significant conflicts or concerning security issues that likely impact performance or pose real risks.

Medium (yellow) covers moderate conflicts that may cause occasional issues or extensions with minor concerns.

Low (blue) is informational - minor conflicts or extensions with theoretical risks that probably won't affect daily use.

Privacy and Data Handling

Inspect requires an internet connection to download the conflict database. This database is fetched from modcore's servers and cached locally on your computer. Your actual extension list and scan results never leave your device - modcore's servers don't see which extensions you have installed. Learn more at 'Internet Connection Required' and 'Privacy Policy'

Scan results are stored locally using Chrome's storage API and automatically expire after your chosen cache duration (default 24 hours). No data persists in the cloud or syncs between devices.

Technical Notes

For security researchers and advanced users interested in the implementation:

Conflict Detection Architecture

Inspect operates on a client-server model where the client (your browser) maintains a cached copy of the conflict database fetched from raw.githubusercontent.com/modcoretech/api/main/modcoreEM/extensions.json. The database schema defines:

• conflict_categories: Arrays of extension ID groups with metadata (name, description, recommended_action, conflict_level)

• deprecated_extensions: Objects mapping extension IDs to deprecation metadata (reason, security_risk_level, recommended_action, alternatives array)

The matching algorithm performs set intersection between locally installed extension IDs and database entries. For conflict detection, it identifies categories where ≥2 installed extensions match the category's extension_ids array. For deprecated detection, it performs direct hashmap lookups.

Caching Mechanics

Cache invalidation follows TTL (time-to-live) semantics with configurable duration (default 24 hours). The cache check occurs at initialization:

const isCacheValid = cacheData.cache_timestamp && 

  (Date.now() - cacheData.cache_timestamp < cacheTTL) && 

  cacheData.conflictConfig;

Stale cache handling implements graceful degradation - if the network request fails and cached data exists, the system falls back to stale data with console warning. Only if no cache exists does the system fail hard with user-facing error messaging.

Minimal Data Storage

When storing scan results, the system implements data minimization:

• For clean scans: Stores only status, timestamp, and zero counts

• For issue scans: Stores only extension IDs, names, and risk levels—not full extension metadata

• History retention is capped at 5 entries

This design prevents unbounded storage growth and respects the chrome.storage.local quota.

Security Considerations

The extension fetches remote JSON without cryptographic verification (no signature checking on the conflict database). This trusts the GitHub hosting infrastructure and the modcore repository. The fetch() operates without CORS restrictions due to extension privileges.

The "Fix All" functionality executes chrome.management.setEnabled() calls in parallel using Promise.all(), which could theoretically create race conditions if multiple extensions manage each other's states, though this is unlikely in practice.

Permission Requirements

Inspect requires the management permission to enumerate installed extensions and toggle their enabled states. It does not require storage permission explicitly (inherited from manifest), but relies heavily on the Storage API for caching.

The conflict database URL is hardcoded, preventing MITM attacks via DNS hijacking of a configurable endpoint, though it remains vulnerable to GitHub repository compromise or raw content serving infrastructure attacks.