Extension Details
Context-Aware Verdict
The extension has a moderate user base of 5,000 downloads and a strong rating of 4.7 stars from 35 reviews, suggesting users find it functional. However, the developer information is minimal, with only a domain name (responsegenerator.app) provided, which limits transparency about the company behind the extension.
The extension's permission set is extremely broad and concerning for a "Response Generator." The combination of all_urls host permissions and content script injection across all websites creates significant security risks. The tabs permission allows manipulation of browser tabs, while localhost:3000 access suggests development or testing functionality that may not belong in a production extension. The vague description provides no clear justification for such extensive permissions, making it difficult to assess whether these capabilities are necessary for legitimate functionality.
Given the high-risk profile, consider running this extension in a separate Chrome profile to isolate potential security impacts. Before installation, research the developer's website and verify the extension's actual functionality matches your needs. Monitor your browsing behavior and data after installation for any suspicious activity. Consider alternative extensions with more limited permissions if you only need basic response generation features. If you must use this extension, regularly review your stored passwords and sensitive account information, as the broad permissions could potentially access this data across all websites.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- tabs
- storage
- scripting
- sidePanel
Host Permissions:
- https://localhost:3000/*
- <all_urls>
Embedded URLs (26 total):
| https://clients2.google.com/service/update2/crx | https://appbox.space/ | |
| https://responsegenerator.app/en/welcome | https://forms.gle/AL6m6D2g1P5AZxin7 | |
| https://appbox.space/api/track-event | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/2000/svg | http://www.w3.org/1998/Math/MathML | |
| http://www.w3.org/1999/xhtml | https://mui.com/production-error/?code= | |
| https://onlineapp.pro | https://onlineapp.live | |
| https://onlineapp.stream | https://appbox.space/paywall/ | |
| https://responsegenerator.app/en#pricing | https://forms.gle/Rb8Z3KCUJR4mvn7y9 | |
| https://chromewebstore.google.com/detail/dmnffcicegjjhjaekeloefipmjlokill/reviews | https://vercel-open-api-proxy.vercel.app/api | |
| https://appbox.space/api/v1/api-gateway/ | https://forms.gle/rAbAeuMo4K9cvsqM6 | |
| https://appbox.space | https://appbox.space/api/v1/paywall/ | |
| https://appbox.space/api/signout | http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qrlTHatj2oQeqH5kzlB5j58M6DgPl7W5Ei7H4Vxj1mioR9vBy6XDEmrQRE74H3NeWttwadQCEW+adh0GVLYg4Lz9oxJoVnLBmd+Oq7xBsnSVPAQI6Eyna+pWQJJpC2Rtt5y5LA6E1YDV90hHtjmuZSZhwjyjDZaqjbLSc7bTWI981Yj0yBXdxPLsk6Qn79Au9hlfovCXvFsIrTRnHiLe/l3EyZT3YQS73BDsJ7hgOJ0E2lAodRRtmgypPLHaoVrmT8f6rK2taRT5HQOsTXHc3DK270uI54x7cxj3nhL8Wgh0e0q5aWS4RD3KylcoKaJ1ZdAnLp0Y2BMId3AdsI10QIDAQAB", "name": "__MSG_appName__", "icons": { "16": "img/logo-16.png", "32": "img/logo-32.png", "48": "img/logo-48.png", "128": "img/logo-128.png" }, "action": { "default_icon": "img/logo-48.png" }, "version": "2.5.1", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "side_panel": { "default_path": "sidepanel.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_shortDesc__", "permissions": [ "activeTab", "tabs", "storage", "scripting", "sidePanel" ], "default_locale": "en", "content_scripts": [ { "js": [ "assets/index.tsx-loader-cf1bc507.js" ], "run_at": "document_end", "matches": [ "<all_urls>" ] }, { "js": [ "assets/content-script.ts-loader-6d55e63f.js" ], "run_at": "document_end", "matches": [ "http://*/*", "https://*/*" ] } ], "host_permissions": [ "https://localhost:3000/*", "<all_urls>" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://appbox.space/*" ] }, "web_accessible_resources": [ { "matches": [], "resources": [ "img/logo-16.png", "img/logo-32.png", "img/logo-48.png", "img/logo-128.png" ], "use_dynamic_url": false }, { "matches": [ "<all_urls>" ], "resources": [ "icons/logo.svg", "assets/chunk-060d9751.js" ], "use_dynamic_url": false }, { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "assets/chunk-2e28d5fe.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.