Extension Details
Context-Aware Verdict
The extension has a moderate user base of 10,000 users but a concerning rating of only 3.7 out of 5 stars from 21 reviews, suggesting user dissatisfaction. The developer domain gscopilot.com appears to be a specialized service for Google Apps Script assistance, which aligns with the extension's purpose. However, the relatively low rating raises questions about the extension's quality or trustworthiness.
The extension requests excessive permissions that far exceed what would be necessary for a Google Apps Script assistant. The identity permission allows access to your Google account information, while the cookies permission can read and modify all browser cookies across sites. The combination of these permissions with access to Google's authentication domains creates significant privacy and security risks. The broad host permissions and access to sensitive Google domains (script.google.com and accounts.google.com) could enable unauthorized access to your Google Apps Script projects and account credentials.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with minimal personal data and no saved passwords. Consider alternative Google Apps Script tools that require fewer permissions. Monitor your Google account activity closely if you choose to proceed. The permission set suggests potential overreach that could compromise your Google account security and broader web browsing privacy.
Findings
Security Analysis Details
Required Permissions:
- storage
- notifications
- cookies
- identity
- sidePanel
- cookies
- unlimitedStorage
Host Permissions:
- https://script.google.com/*
- https://accounts.google.com/
- https://home.gscopilot.com/*
Embedded URLs (57 total):
| https://gscopilot.com | https://home.gscopilot.com | |
| https://ai.gscopilot.com | https://stripe-custom-subscription.vercel.app/create-checkout-session | |
| https://stripe-custom-subscription.vercel.app/customer-portal | https://stripe-custom-subscription.vercel.app/get-checkout-session | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | https://home.gscopilot.com/logo.png | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://loading.io | https://clients2.google.com/service/update2/crx | |
| https://script.google.com/home | https://script.google.com/home/ | |
| https://script.google.com/ | https://accounts.google.com/ | |
| https://home.gscopilot.com/ | http://fb.me/use-check-prop-types | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://jedwatson.github.io/classnames | |
| https://github.com/babel/babel/blob/main/packages/babel-helpers/LICENSE | https://tailwindcss.com | |
| https://github.com/mozdevs/cssremedy/issues/4 | https://github.com/tailwindcss/tailwindcss/pull/116 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=190655 | https://bugs.chromium.org/p/chromium/issues/detail?id=999088 | |
| https://bugs.webkit.org/show_bug.cgi?id=201297 | https://bugs.chromium.org/p/chromium/issues/detail?id=935729 | |
| https://bugs.webkit.org/show_bug.cgi?id=195016 | https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/forms.css#L728-L737 | |
| https://github.com/tailwindlabs/tailwindcss/issues/3300 | https://github.com/mozdevs/cssremedy/issues/14 | |
| https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210 | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1999/xhtml | http://www.w3.org/1998/Math/MathML | |
| https://reactjs.org/link/react-polyfills | https://github.com/date-fns/date-fns/blob/master/docs/upgradeGuide.md#string-arguments | |
| https://github.com/date-fns/date-fns/blob/master/docs/unicodeTokens.md | https://home.gscopilot.com/terms | |
| https://home.gscopilot.com/privacy | https://bytelogist.com/ | |
| https://www.GoogleScriptCopilot.com/termsandconditions | https://www.GoogleScriptCopilot.com/privacypolicy | |
| https://home.gscopilot.com/roadmap | https://home.gscopilot.com/guide | |
| https://chat.whatsapp.com/HraVeJOkTSjAIrJ1HluJYb | https://www.youtube.com/watch?v= | |
| https://youtube.com/playlist?list=PLiROKeE_2SCczDigDV112aE3DcQaowpzA&si=sZarF5CS7_TWM0wd | https://youtu.be/Tr5NM7KvWR0?si=NclcW10_swlNP41I | |
| https://youtu.be/5WHlnT3I6I8?si=_iGFA_ndaKXpSmYN | https://youtu.be/Xsnd5Auj9k8?si=SFZyr6HlP2YgQjQy | |
| https://fonts.googleapis.com/css2?family=Roboto&display=swap | https://github.com/highlightjs/highlight.js/issues/2277 | |
| https://github.com/highlightjs/highlight.js/issues/2534 | https://github.com/highlightjs/highlight.js/issues/2559 | |
| https://github.com/highlightjs/highlight.js/pull/2844 |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "128": "main.png" }, "action": { "default_icon": "main4.png", "default_popup": "popup.html" }, "oauth2": { "scopes": [ "email", "profile", "openid" ], "client_id": "563974935161-k8111nhq5el64k8d8trggmmnp37h44s0.apps.googleusercontent.com" }, "version": "2.1.0", "commands": { "addToChat": { "description": "Add to Chat", "suggested_key": { "default": "Ctrl+Q" } } }, "background": { "service_worker": "background.bundle.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "storage", "notifications", "cookies", "identity", "sidePanel", "cookies", "unlimitedStorage" ], "default_locale": "en", "content_scripts": [ { "js": [ "contentScript.bundle.js" ], "css": [ "reactsuite.min.css", "content.styles.css" ], "run_at": "document_start", "matches": [ "https://script.google.com/home", "https://script.google.com/home/*", "https://script.google.com/*" ] } ], "host_permissions": [ "https://script.google.com/*", "https://accounts.google.com/", "https://home.gscopilot.com/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "<all_urls>" ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "inject.js", "add_3.png", "more_3.png", "history_3.png", "banner.png", "send.png", "stop1.png", "ahsan.jpg", "loader.svg", "loader2.svg", "loader3.svg", "loader4.svg", "main.png", "main4.png", "user.png", "chat.png", "star.png", "magic.png", "copyIcon.png", "add.png", "star_2.png", "watch.png", "rightArrow.png", "mark.png", "cursor-plus.png", "del.png", "back.png", "append.png", "replace.png", "preppend.png", "current.png", "inline.svg", "inline-disabled.svg", "code_completion.png", "code_completion_disable.png", "code_completion_disable_2.png", "thumbs-up.png", "negative-vote.png" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.