Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key →
← Back to ideas
clawsmith.com/idea/audit-installed-extensions-for-affiliate-link-hijacking
IdeaCompetitiveBROWSER-EXTENSIONAFFILIATESECURITYLive

A browser extension that audits installed extensions for affiliate link hijacking, silent commission theft, and checkout-time code injection

PayPal's Honey extension, installed by 17M+ users, was exposed in December 2024 for silently replacing content creators' affiliate links at checkout, diverting commissions to PayPal instead. MegaLag's expose hit 6M views in 2 days, triggered class action lawsuits, 4M Chrome uninstalls, and forced Google to update Chrome Web Store affiliate policies. No user-facing tool exists that monitors which installed extensions are touching affiliate links, injecting code at checkout, or replacing commission tokens in purchase flows. This extension installs alongside existing tools and surfaces any extension that intercepts or rewrites affiliate parameters before checkout completes.

Demand Breakdown

HN
2,831

Social Proof 3 sources

HN
uBlock Origin GPL code being stolen by team behind Honey browser extension
2025-01-02
1,501HN
Honey has now lost 4M Chrome users after shady tactics were revealed
2025-03-31
991HN
Exposing the Honey Influencer Scam [video]
2024-12-22
339

Gap Assessment

CompetitiveMultiple tools exist but differentiation opportunities remain

4 tools exist (Honey (PayPal), Privacy Badger (EFF), Chrome Extension Source Viewer, CRXcavator) but gaps remain: Honey was the offender, not the solution. It gave users no transparency into its own affiliate tag replacement behavior. No audit layer, no disclosure of which commissions it diverted.; Focused on tracker blocking, not affiliate parameter auditing or checkout-time code injection detection. Does not surface which extensions are modifying purchase flows..

Features2 agent-ready prompts

Runtime extension behavior scanner that monitors network requests and DOM rewrites during checkout to detect affiliate tag replacement
Installed extension trust audit that scores each extension by permission fingerprint and known-malicious behavior patterns from a community-maintained blocklist

Competitive LandscapeFREE

ProductDoesMissing
Honey (PayPal)Coupon-finding browser extension that inserts itself at checkout to apply discount codes. Used by 17M+ users across Chrome, Firefox, Edge.Honey was the offender, not the solution. It gave users no transparency into its own affiliate tag replacement behavior. No audit layer, no disclosure of which commissions it diverted.
Privacy Badger (EFF)Blocks trackers based on behavioral detection. Open-source, maintained by EFF.Focused on tracker blocking, not affiliate parameter auditing or checkout-time code injection detection. Does not surface which extensions are modifying purchase flows.
Chrome Extension Source ViewerLets developers view the source code of installed Chrome extensions from the Web Store listing page.Developer tool only. Requires manual code reading to detect affiliate hijacking. No runtime behavioral monitoring, no plain-language alerts for non-technical users.
CRXcavatorStatic risk scoring for Chrome extensions based on permissions, code patterns, and known malicious indicators.Static analysis only, not runtime behavioral. Does not detect runtime affiliate link replacement because it never executes the extension at checkout. Not consumer-facing.

Leads28BUILDER

@extesy
@tantalor
@jadyoyster
@timshel4
@ilikeboobs
@sitharus
@toomuchtodo
@kelseydh
28 people already want this

Sign in to unlock full access.

Aggregate Score
2,831
28 leads found
Details
TypeProduct Idea
Competitors4
Features2
Issues3
Leads28
Source Signals
All signals →
2.8KHoney browser extension exposed for affiliate link hijacking and creator fraud
Related Ideas
All ideas →
0A CLI tool that scans a running OpenClaw instance for active CVEs, malicious skills, and supply chain tampering before they get exploited0A CLI tool that scans MCP servers for SSRF vulnerabilities, prompt injection paths, and protocol spec violations before they are published to any registry0A browser extension that audits all other installed Chrome extensions for permission changes, ownership transfers, and silent code updates that match known supply-chain attack patterns
Tags
BROWSER-EXTENSIONAFFILIATESECURITYCREATOR-TOOLSCHROMEAUDIT