Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 347 users and a single 5-star rating, making it difficult to assess community trust. The developer "mcat.tools" appears to be associated with MCAT preparation tools, which is a legitimate educational niche. However, the low user base and minimal rating history provide insufficient validation of the extension's reliability and safety.
The most significant concern is the <all_urls> host permission, which grants the extension access to every website you visit. This is extremely broad for what appears to be a companion tool for a specific MCAT preparation website. The cookies permission combined with universal website access creates a powerful surveillance capability that could track your browsing habits across all sites. These permissions seem excessive for a study companion tool that should primarily interact with mcat.tools domain only.
The extension's newness (version 1.0.0.290) and lack of established reputation add to the risk profile.
Consider running this extension in a separate Chrome profile dedicated to MCAT study activities only. This isolates potential privacy risks from your main browsing. Before installing, contact the developer to understand why such broad permissions are necessary. Monitor the extension's behavior and remove it immediately if you notice unexpected activity. Consider using the mcat.tools website directly without the extension until it gains more users and reviews.
Findings
Security Analysis Details
Required Permissions:
- cookies
- activeTab
Host Permissions:
- https://mcat.tools/*
- <all_urls>
Embedded URLs (21 total):
| http://www.w3.org/2000/svg | https://mcat.tools/api/userStudyPlanItems/ | |
| https://mcat.tools | https://stage.mcat.tools/api/extension/spItems/ | |
| https://github.com/focus-trap/tabbable/blob/master/LICENSE | https://example.com | |
| http://www.w3.org/1999/xhtml | https://svelte.dev/e/effect_in_teardown | |
| https://svelte.dev/e/effect_in_unowned_derived | https://svelte.dev/e/effect_orphan | |
| https://svelte.dev/e/effect_update_depth_exceeded | https://svelte.dev/e/hydration_failed | |
| https://svelte.dev/e/props_invalid_value | https://svelte.dev/e/state_descriptors_fixed | |
| https://svelte.dev/e/state_prototype_fixed | https://svelte.dev/e/state_unsafe_local_read | |
| https://svelte.dev/e/state_unsafe_mutation | https://svelte.dev/e/hydration_mismatch | |
| https://svelte.dev/e/lifecycle_outside_component | https://clients2.google.com/service/update2/crx | |
| https://mcat.tools/ |
Raw Manifest
{ "name": "MCAT.tools Companion", "icons": { "16": "icon16.png", "32": "icon32.png", "48": "icon48.png", "128": "icon128.png" }, "action": { "default_icon": "icon128.png", "default_popup": "index.html", "default_title": "MCAT.tools Companion" }, "version": "1.0.0.290", "update_url": "https://clients2.google.com/service/update2/crx", "description": "Quickly access your daily MCAT study plan or save question insights to your Review Journal — all from your browser.", "permissions": [ "cookies", "activeTab" ], "host_permissions": [ "https://mcat.tools/*", "<all_urls>" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.