Hmmm... In the code (https://github.com/andrewmccalip/kickbacks.ai/blob/main/src/...) the extension polls for updated every 90 seconds and has no digital signature verification... So get a bunch of people to install and issue a malicious update and within 90 seconds, your entire user base has it? I'm good