1) “identified as risky” seems like it could hide some significant complexity (and room for error).
2) An extension might need to read from the keyboard. I don’t want to OK it every time. If I check once and then mark it as OK, I’d be worried that it could do something evil with that permission somehow, in a far-flung bit of the code.
I'm not saying a popover modal, I'm saying a toast notification or a status-bar icon. Non-blocking.
Like, when you're typing and it's being monitored: in the corner of the window it says"Extension TweetSyndicator is reading your keyboard. Click here to manage extension."
1) “identified as risky” seems like it could hide some significant complexity (and room for error).
2) An extension might need to read from the keyboard. I don’t want to OK it every time. If I check once and then mark it as OK, I’d be worried that it could do something evil with that permission somehow, in a far-flung bit of the code.