Extension Details
Context-Aware Verdict
The extension has a very small user base of only 66 users, which limits community vetting. The 4.5-star rating provides some positive indication, but with such few users, this rating may not be statistically significant. The lack of visible author and developer information raises transparency concerns. The extension targets Microsoft Loop, a legitimate productivity platform, which suggests a potentially useful purpose.
The tabs permission is excessive for a simple markdown converter that should only need to access the current Loop page. This permission allows the extension to view and manipulate all browser tabs, creating privacy and security risks. The broad host permissions for Microsoft Loop domains, while more targeted than universal access, still provide extensive access across Loop's infrastructure. The activeTab and storage permissions are reasonable for the stated functionality, but combined with tabs permission, they create a concerning permission profile.
Given the high risk level, consider running this extension in a separate Chrome profile dedicated to Loop-related work to isolate potential security impacts. Before installing, verify the extension's necessity - check if Loop already has built-in markdown export features. If you must use it, regularly review the extension's behavior and remove it when not actively needed. Consider waiting for the extension to gain more users and reviews before installation, or look for alternative solutions from more established developers.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- scripting
- tabs
- storage
Host Permissions:
- https://loop.cloud.microsoft/*
Embedded URLs (11 total):
| http://www.w3.org/2000/svg | https://www.canva.com | |
| https://www.figma.com | https://favicon.io | |
| http://stuartk.com/jszip | https://raw.github.com/Stuk/jszip/main/LICENSE.markdown. | |
| https://github.com/nodeca/pako/blob/main/LICENSE | https://stuk.github.io/jszip/documentation/howto/read_zip.html | |
| https://clients2.google.com/service/update2/crx | https://loop.cloud.microsoft/ | |
| https://loop.cloud.microsoft/print |
Raw Manifest
{ "name": "Loop to Markdown Converter", "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "default_popup": "popup.html" }, "version": "1.0.0", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Export Microsoft Loop workspaces to Markdown", "permissions": [ "activeTab", "scripting", "tabs", "storage" ], "content_scripts": [ { "js": [ "content.js" ], "run_at": "document_idle", "matches": [ "https://loop.cloud.microsoft/*" ], "exclude_matches": [ "https://loop.cloud.microsoft/print*" ] }, { "js": [ "print-blocker.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "https://loop.cloud.microsoft/print*" ], "all_frames": false }, { "js": [ "print-capture.js" ], "run_at": "document_idle", "matches": [ "https://loop.cloud.microsoft/print*" ], "all_frames": false } ], "host_permissions": [ "https://loop.cloud.microsoft/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "markdown-generator.html", "loop-to-markdown-lib.js", "jszip.min.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.