Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 332 users and a single 5-star rating, making it difficult to assess reliability through community feedback. The developer "mcat.tools" appears to be associated with MCAT preparation tools, which provides some context for the extension's purpose. However, the lack of detailed developer information and minimal user base raises concerns about accountability and transparency.
The extension requests extremely broad permissions that seem excessive for an MCAT study companion. The <all_urls> host permission allows access to every website you visit, while the cookies permission enables reading and modifying authentication data across all sites. The combination of these permissions creates significant privacy and security risks, as the extension could potentially track your browsing habits, access sensitive account information, or modify login credentials. The localhost permission suggests development/testing functionality that shouldn't be present in a production extension.
Consider running this extension in a separate Chrome profile dedicated solely to MCAT study activities to limit exposure. Before installation, contact the developer to understand why such broad permissions are necessary for MCAT preparation features. Monitor your browser's activity and consider using incognito mode when accessing sensitive sites. Given the high-risk permission combination and limited user base, you may want to explore alternative MCAT study tools with more restrictive permissions and established user communities.
Findings
Security Analysis Details
Required Permissions:
- cookies
- activeTab
- sidePanel
Host Permissions:
- https://mcat.tools/*
- http://localhost/*
- <all_urls>
Embedded URLs (19 total):
| http://www.w3.org/2000/svg | https://mcat.tools | |
| https://clients2.google.com/service/update2/crx | https://mcat.tools/ | |
| https://github.com/focus-trap/tabbable/blob/master/LICENSE | https://svelte.dev/e/effect_in_teardown | |
| https://svelte.dev/e/effect_in_unowned_derived | https://svelte.dev/e/effect_orphan | |
| https://svelte.dev/e/effect_update_depth_exceeded | https://svelte.dev/e/hydration_failed | |
| https://svelte.dev/e/props_invalid_value | https://svelte.dev/e/state_descriptors_fixed | |
| https://svelte.dev/e/state_prototype_fixed | https://svelte.dev/e/state_unsafe_local_read | |
| https://svelte.dev/e/state_unsafe_mutation | https://svelte.dev/e/hydration_mismatch | |
| https://svelte.dev/e/lifecycle_outside_component | https://example.com | |
| http://www.w3.org/1999/xhtml |
Raw Manifest
{ "name": "MCAT.tools Companion", "icons": { "16": "icon16.png", "32": "icon32.png", "48": "icon48.png", "128": "icon128.png" }, "action": { "default_icon": "icon128.png", "default_title": "MCAT.tools Companion" }, "version": "1.0.0.315", "background": { "service_worker": "background.js" }, "side_panel": { "default_path": "index.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Quickly access your daily MCAT study plan or save question insights to your Review Journal — all from your browser.", "permissions": [ "cookies", "activeTab", "sidePanel" ], "host_permissions": [ "https://mcat.tools/*", "http://localhost/*", "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.