Missing ACL 

The extension currently does not use ACL rules, which means that users who only have a limited backend account cannot see the module and cannot be authorized to do so.

This is not in line with Magento best practices.  

https://devdocs.magento.com/guides/v2.3/ext-best-practices/tutorials/create-access-control-list-rule.html