[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

AI to NotebookLM

Version 1.1.1 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Rating: 4.9 ★

Users: 55

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has very limited adoption with only 55 users, which raises concerns about its maturity and community vetting. While it maintains a high 4.9 rating, the small user base makes this less meaningful. The lack of visible developer information and company details significantly undermines trustworthiness. The extension appears to integrate with popular AI services like ChatGPT, Claude, and Gemini, suggesting legitimate functionality, but this cannot be verified without more transparency.

Concerns:

The permission set is excessive for what appears to be a simple AI integration tool. The identity and identity.email permissions are particularly concerning as they provide access to personal Google account information. The downloads permission seems unnecessary unless the extension needs to save content locally. The broad host permissions across multiple AI platforms, while functionally relevant, create a large attack surface. The tabs permission allows extensive browser manipulation capabilities that may exceed the extension's stated purpose.

Recommendations:

Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with minimal sensitive data and limited signed-in accounts. Consider using established alternatives with larger user bases and verified developers. Monitor your account activity closely if installed, and regularly review what data the extension has accessed through Chrome's extension management settings.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://notebooklm.google.com/*, https://gemini.google.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "AI to NotebookLM",
  "icons": {
    "16": "assets/icon-16.png",
    "32": "assets/icon-32.png",
    "48": "assets/icon-48.png",
    "128": "assets/icon-128.png"
  },
  "action": {
    "default_icon": {
      "16": "assets/icon-16.png",
      "32": "assets/icon-32.png"
    },
    "default_popup": "popup.html",
    "default_title": "AI to NotebookLM"
  },
  "version": "1.1.1",
  "commands": {
    "open-notebooklm": {
      "description": "__MSG_cmdOpenNotebookLM__"
    },
    "capture-active-tab": {
      "description": "__MSG_cmdCaptureActiveTab__"
    }
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Capture AI chats and pages, then create new NotebookLM notebooks and import the content automatically.",
  "permissions": [
    "activeTab",
    "contextMenus",
    "downloads",
    "identity",
    "identity.email",
    "scripting",
    "storage",
    "tabs"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content/notebooklm-panel.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "https://notebooklm.google.com/*"
      ]
    },
    {
      "js": [
        "content/ai-capture.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "https://chatgpt.com/*",
        "https://claude.ai/*",
        "https://gemini.google.com/*",
        "https://www.perplexity.ai/*",
        "https://perplexity.ai/*"
      ]
    }
  ],
  "host_permissions": [
    "https://notebooklm.google.com/*",
    "https://chatgpt.com/*",
    "https://claude.ai/*",
    "https://gemini.google.com/*",
    "https://www.perplexity.ai/*",
    "https://perplexity.ai/*"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "https://chatgpt.com/*",
        "https://claude.ai/*",
        "https://gemini.google.com/*",
        "https://www.perplexity.ai/*",
        "https://perplexity.ai/*"
      ],
      "resources": [
        "assets/notebooklm-mark.svg",
        "assets/notebooklm-logo.svg"
      ]
    }
  ]
}

by ✦ Astarte

AI to NotebookLM

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (9 total):

Raw Manifest

Detections

Manifest Findings

https://fonts.googleapis.com/css2?family=Inter:wght@400	https://notebooklm.google.com/
http://www.w3.org/2000/svg	https://clients2.google.com/service/update2/crx
https://chatgpt.com/	https://claude.ai/
https://gemini.google.com/	https://www.perplexity.ai/
https://perplexity.ai/