The problem with any Chrome extension is that there's no guarantee that the git repo matches the bag of bits that you're installing. No-prompt auto-updates exacerbate the issue.
Installation of software will always require a leap of faith that the publisher doesn't have ill intent.
You can install the extension directly from a cloned copy of the GitHub repo (basically as if you were the extension developer). No auto-updates or anything, since it's just loaded from some files on your disk. Chrome will nag you about it from time to time, though, since getting people to install unsigned extensions is a common attack vector.
Thanks for sharing, but that's yet another publisher I have to trust with "read and change your data on clients2.google.com, read your browsing history, manage your downloads."
It'd be great if Chrome and Firefox allowed open source Chrome extensions to be compared with their git source tree, possibly with diffs between releases.
Still, though, how many people will go through that effort?
Installation of software will always require a leap of faith that the publisher doesn't have ill intent.
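The comparison wished for above, an installed extension checked against its git source tree, can be approximated by hand. The following is an added example, not part of the thread or of any extension's own code: it hashes every file in two directories and reports what differs. It assumes the extension ships its source files as-is (no bundling or minification step) and that both directories are already on disk; the function names and the demo files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# "_metadata/" is added by Chrome to Web Store installs and ".git/" exists only
# in the checkout, so neither is part of the comparison.
IGNORED_PREFIXES = ("_metadata/", ".git/")

def tree_hashes(root, ignored=IGNORED_PREFIXES):
    """Map each relative file path under root to its SHA-256 hex digest."""
    root = Path(root)
    hashes = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and not rel.startswith(ignored):
            hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def compare_trees(installed_dir, source_dir):
    """Report files that differ between the installed extension and the checkout."""
    installed, source = tree_hashes(installed_dir), tree_hashes(source_dir)
    return {
        "only_installed": sorted(installed.keys() - source.keys()),
        "only_source": sorted(source.keys() - installed.keys()),
        "changed": sorted(p for p in installed.keys() & source.keys()
                          if installed[p] != source[p]),
    }

def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        src, inst = Path(tmp, "repo"), Path(tmp, "installed")
        files = {"manifest.json": '{"name": "demo", "version": "1.0"}',
                 "background.js": "console.log('hello');\n"}
        for base in (src, inst):
            base.mkdir()
            for name, body in files.items():
                (base / name).write_text(body)
        (src / "README.md").write_text("docs\n")
        # Constructed differences: a modified script, an extra file, store metadata.
        (inst / "background.js").write_text("console.log('changed');\n")
        (inst / "extra.js").write_text("// not in the repo\n")
        (inst / "_metadata").mkdir()
        (inst / "_metadata" / "verified_contents.json").write_text("[]")
        return compare_trees(inst, src)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A clean result only covers the version on disk at that moment; with auto-updates enabled the check has to be repeated after every update.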