A quick inspection to its source code already shows a red flag in its include folder contents, namely the link_modifier.js file which contains the following code in its entirity:
It is evident that the developer intended to bypass the AMO validator (when it was running for unlisted addons) by creating a dangerous element via string concatenation. In this file it loads and executes an external script.
I didn’t find any notice/content policy informing the user of this malware-like behavior and don’t think needed to inspect more of the source code after finding that file.
This is a unlisted addon, it is hosted on the developer’s website from what I could gather. Can’t post its link here because it triggers the spam filter but a user posted that link in the reddit thread.
Thanks for that, but there is a problem. When you copied the thread link you also copied the number of clicks the link had, which was 1. This causes the mentioned link to fail when someone tries to open it because it ends with “1”.