Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 63 users and just 2 ratings, making it difficult to assess community trust. The perfect 5.0 rating is positive but based on minimal feedback. The developer provides a website URL, which adds some transparency, though the extension's newness and low user base limit confidence in its reliability and ongoing support.
The extension requests excessive permissions for its stated purpose of importing content to NotebookLM. The <all_urls> host permission is particularly concerning as it grants access to every website you visit, far beyond what's needed for a NotebookLM importer. The tabs permission allows manipulation of browser tabs, which seems unnecessary for content importing. The combination of broad host permissions with content script injection across all websites creates significant privacy and security risks, as the extension could potentially monitor all browsing activity and inject code into sensitive sites like banking or email platforms.
Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Before installation, verify the developer's legitimacy through their website. Monitor the extension's behavior closely and remove it if you notice any suspicious activity. Given the broad permissions, consider looking for alternative NotebookLM import tools with more limited scope, or manually import content instead of using this extension until it gains more users and trust in the community.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- storage
- tabs
- scripting
Host Permissions:
- https://notebooklm.google.com/*
- <all_urls>
Embedded URLs (8 total):
| https://clients2.google.com/service/update2/crx | https://notebooklm.google.com/ | |
| http://www.w3.org/2000/svg | https://notebooklm.google.com | |
| https://notebooklm-fast-importer.athinker.net | https://example.com/page1
 | |
| https://example.com/page2 | https://www.youtube.com/watch?v= |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_popup": "popup/popup.html", "default_title": "NotebookLM Fast Importer" }, "version": "1.0.5", "commands": { "quick_import": { "description": "__MSG_cmd_quick_import_desc__", "suggested_key": { "default": "Alt+S" } }, "_execute_action": { "description": "__MSG_cmd_open_popup_desc__", "suggested_key": { "default": "Alt+N" } } }, "background": { "service_worker": "background/service-worker.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDesc__", "permissions": [ "activeTab", "storage", "tabs", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "content/floating-button.js" ], "run_at": "document_idle", "matches": [ "http://*/*", "https://*/*" ], "exclude_matches": [ "*://notebooklm.google.com/*" ] } ], "host_permissions": [ "https://notebooklm.google.com/*", "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "icons/*.png", "icons/*.svg" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.