[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Confluence to Markdown

Version 1.0.0 View in Chrome Web Store

Last scanned: about 16 hours ago

Extension Details

Rating: 5.0 ★ (3 ratings)

Users: 1,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has very limited trust indicators with only 1,000 users and just 3 ratings, despite a perfect 5.0 rating. The lack of developer information, company details, and recent update history raises significant concerns about accountability and ongoing support. The extension's purpose of converting Confluence content to Markdown is legitimate, but the implementation appears overly broad for this specific function.

Concerns:

The extension requests excessive permissions that far exceed what's necessary for Confluence-to-Markdown conversion. The tabs permission allows monitoring and manipulation of all browser tabs, while clipboardWrite enables modification of clipboard content across all applications. The downloads permission grants access to download history and file creation capabilities. Most concerning is the broad content script injection pattern (*://*/*) that allows the extension to execute code on every website you visit, not just Confluence pages. This creates opportunities for data theft, credential harvesting, and malicious content modification across your entire browsing session.

Recommendations:

Do not install this extension in your primary browser profile. If you must use it, create a dedicated Chrome profile isolated from sensitive accounts and personal data. Consider alternative Confluence export methods or browser bookmarklets that don't require such extensive permissions. Monitor your clipboard and download activity closely if using this extension, and remove it immediately after completing your conversion tasks.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

Raw Manifest

{
  "name": "Confluence to Markdown",
  "icons": {
    "16": "icons/16.png",
    "32": "icons/32.png",
    "48": "icons/48.png",
    "128": "icons/128.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_title": "Confluence to Markdown"
  },
  "version": "1.0.0",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Convert Confluence pages to Markdown",
  "permissions": [
    "activeTab",
    "clipboardWrite",
    "downloads",
    "tabs"
  ],
  "content_scripts": [
    {
      "js": [
        "content-scripts/content.js"
      ],
      "matches": [
        "*://*/*"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

https://clients2.google.com/service/update2/crx	https://react.dev/errors/
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace

Confluence to Markdown

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (6 total):

Raw Manifest

Detections

Manifest Findings