[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

URL Cleaner

Version 0.1.0 View in Chrome Web Store

Last scanned: about 2 hours ago

Extension Details

Rating: 3.4 ★ (7 ratings)

Users: 8,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a relatively small user base of 8,000 users and a below-average rating of 3.4 stars from only 7 reviews, which suggests limited community validation. The lack of developer information and missing last updated date raises transparency concerns. The extension's basic description without detailed functionality explanation further reduces trust indicators.

Concerns:

The extension requests unnecessarily broad permissions for a URL cleaning tool. The clipboardWrite permission combined with broad host access to all websites creates significant privacy risks, as it could potentially capture and modify sensitive data from any website you visit. The declarativeNetRequestWithHostAccess permission allows network request modification across all sites, which exceeds typical requirements for URL cleaning functionality. The combination of activeTab, storage, and universal host permissions creates multiple attack vectors for data collection and manipulation.

Recommendations:

Given the high risk profile, consider running this extension in a separate Chrome profile dedicated to non-sensitive browsing activities. Before installation, verify if simpler URL cleaning tools or browser bookmarklets could meet your needs without requiring extensive permissions. If you proceed with installation, regularly monitor your clipboard content and be cautious when using the extension on sites containing sensitive information. Consider looking for alternative URL cleaning extensions with more restrictive permissions and better developer transparency.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "URL Cleaner",
  "icons": {
    "16": "assets/icons/icon16.png",
    "48": "assets/icons/icon48.png",
    "128": "assets/icons/icon128.png"
  },
  "action": {
    "default_popup": "popup.html"
  },
  "$schema": "https://json.schemastore.org/chrome-manifest",
  "version": "0.1.0",
  "background": {
    "type": "module",
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "URL Cleaner is a convenient tool that helps you remove unnecessary parameters, tracking codes, and other unwanted elements from URLs",
  "permissions": [
    "activeTab",
    "clipboardWrite",
    "storage",
    "declarativeNetRequestWithHostAccess"
  ],
  "host_permissions": [
    "http://*/*",
    "https://*/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

URL Cleaner

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (2 total):

Raw Manifest

Detections

Manifest Findings