[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

NotebookLM Web Importer

Version 1.1.0 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Rating: 4.9 ★

Users: 5

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited adoption with only 5 users, which raises significant concerns about its legitimacy and testing. While it has a high rating of 4.9, this is based on an unspecified number of reviews from a tiny user base. The lack of developer information and missing last updated date further diminish trust. The extension appears to be designed for importing web content into Google's NotebookLM service, which is a legitimate use case, but the implementation raises serious security concerns.

Concerns:

The extension requests excessive permissions that far exceed what would be necessary for its stated purpose. The combination of broad host permissions (access to all HTTP/HTTPS sites), tabs permission, and clipboardRead creates a dangerous attack surface. Content scripts running on all websites could potentially capture sensitive information like passwords, personal data, or financial information. The clipboardRead permission allows monitoring of everything copied to the clipboard, which could include sensitive data. The tabs permission enables tracking browsing behavior across all websites.

Recommendations:

Given the high risk profile and minimal user base, avoid installing this extension. If you must use it, run it in a completely isolated Chrome profile with no access to sensitive accounts or data. Consider using official Google tools or well-established alternatives with larger user bases and transparent developers. Monitor your clipboard usage carefully and avoid copying sensitive information while the extension is active.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: clipboardRead

This extension has the clipboardRead permission. Can read clipboard content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://notebooklm.google.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

tabs
activeTab
contextMenus
storage
scripting
sidePanel
offscreen
clipboardRead

Host Permissions:

https://notebooklm.google.com/*
https://www.youtube.com/*
http://*/*
https://*/*

Embedded URLs (25 total):

https://creem-verify-notebook-lm.okeoke1011.workers.dev	https://notebooklm.google.com/
https://clients2.google.com/service/update2/crx	https://www.youtube.com/
http://www.w3.org/2000/svg	https://react.dev/errors/
http://www.w3.org/1998/Math/MathML	http://www.w3.org/1999/xlink
http://www.w3.org/XML/1998/namespace	https://www.creem.io/payment/prod_16FITFzlcqmiAtkV5iAWH7
http://www.w3.org/1999/xhtml	http://www.w3.org/2000/xmlns/
https://news.ycombinator.com/item?id=	https://reddit.com
https://publish.twitter.com/oembed?url=	https://api.fxtwitter.com/
https://defuddle.md	https://x.com/
https://www.youtube.com/embed/	https://www.youtube.com/youtubei/v1/player?prettyPrint=false
https://www.youtube.com/youtubei/v1/next?prettyPrint=false	https://www.youtube.com/watch?v=
https://x.com/i/status/	https://radix-ui.com/primitives/docs/components/
https://notebooklm.google.com/notebook/

Raw Manifest

{
  "name": "__MSG_extName__",
  "icons": {
    "16": "icon/16.png",
    "32": "icon/32.png",
    "48": "icon/48.png",
    "128": "icon/128.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_title": "NotebookLM Web Importer"
  },
  "version": "1.1.0",
  "commands": {
    "open-link-selection": {
      "description": "Trigger page link selection mode",
      "suggested_key": {
        "default": "Alt+Shift+L"
      }
    }
  },
  "background": {
    "service_worker": "background.js"
  },
  "side_panel": {
    "default_path": "sidepanel.html"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extDescription__",
  "permissions": [
    "tabs",
    "activeTab",
    "contextMenus",
    "storage",
    "scripting",
    "sidePanel",
    "offscreen",
    "clipboardRead"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "content-scripts/content.js"
      ],
      "matches": [
        "http://*/*",
        "https://*/*"
      ]
    }
  ],
  "host_permissions": [
    "https://notebooklm.google.com/*",
    "https://www.youtube.com/*",
    "http://*/*",
    "https://*/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

NotebookLM Web Importer

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (25 total):

Raw Manifest

Detections

Manifest Findings