[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

prompts.chat

Version 1.3.2.0 View in Chrome Web Store

Last scanned: about 14 hours ago

Extension Details

Rating: 5.0 ★ (2 ratings)

Users: 1,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has very limited user adoption with only 1,000 users and just 2 ratings, making it difficult to assess community trust. The perfect 5.0 rating is based on too few reviews to be meaningful. The lack of clear developer information and company details raises transparency concerns. The extension appears to be related to AI chat platforms based on its name and target domains, which could be legitimate functionality.

Concerns:

The extension requests access to numerous high-profile AI platforms and development tools, creating a broad attack surface. The tabs permission combined with extensive host permissions allows comprehensive monitoring of user activity across these sensitive platforms. The unsafe WebAssembly execution policy is particularly concerning as it could hide malicious code. The storage permission enables data collection and retention. Given the sensitive nature of AI conversations that often contain personal or proprietary information, this level of access poses significant privacy risks.

Recommendations:

Due to the high risk level, consider running this extension in a separate Chrome profile dedicated to AI tools if you must use it. Carefully monitor what data you share on the supported platforms while the extension is active. Review the extension's actual functionality to determine if the broad permissions are justified. Consider alternatives with more limited permissions or better-established developers. If keeping the extension, regularly audit your AI chat history and avoid sharing sensitive information while it's enabled.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://gemini.google.com/*, https://github.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
activeTab
tabs
sidePanel

Host Permissions:

https://chatgpt.com/*
https://claude.ai/*
https://gemini.google.com/*
https://copilot.microsoft.com/*
https://chat.deepseek.com/*
https://grok.com/*
https://www.perplexity.ai/*
https://chat.mistral.ai/*
https://huggingface.co/*
https://poe.com/*
https://github.com/*
https://bolt.new/*
https://lovable.dev/*
https://v0.dev/*
https://prompts.chat/*

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'

Embedded URLs (48 total):

https://github.com/ionide/ionide-fsgrammar/issues/155	https://chatgpt.com
https://claude.ai/new	https://gemini.google.com/app
https://copilot.microsoft.com	https://chat.deepseek.com
https://grok.com/chat	https://www.perplexity.ai
https://chat.mistral.ai/chat	https://huggingface.co/chat
https://poe.com	https://github.com/copilot
https://bolt.new	https://lovable.dev
https://v0.dev/chat	https://reactjs.org/docs/error-decoder.html?invariant=
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xhtml	https://www.google-analytics.com/mp/collect?measurement_id=
https://prompts.chat/prompts.json	https://radix-ui.com/primitives/docs/components/
https://github.com/fatihsolhan.png	https://github.com/fatihsolhan/prompts-chat-extension
https://github.com/f.png	https://github.com/f/awesome-chatgpt-prompts
https://prompts.chat/prompts/new	https://prompts.chat
https://prompts.chat/@	https://prompts.chat/prompts/
https://clients2.google.com/service/update2/crx	https://chatgpt.com/
https://claude.ai/	https://gemini.google.com/
https://copilot.microsoft.com/	https://chat.deepseek.com/
https://grok.com/	https://www.perplexity.ai/
https://chat.mistral.ai/	https://huggingface.co/
https://poe.com/	https://github.com/
https://bolt.new/	https://lovable.dev/
https://v0.dev/	https://prompts.chat/

Raw Manifest

{
  "name": "prompts.chat",
  "icons": {
    "16": "logos/logo-16.png",
    "48": "logos/logo-48.png",
    "128": "logos/logo-128.png"
  },
  "action": {
    "default_icon": {
      "16": "logos/logo-16.png",
      "48": "logos/logo-48.png",
      "128": "logos/logo-128.png"
    },
    "default_popup": "popup.html"
  },
  "version": "1.3.2.0",
  "background": {
    "type": "module",
    "service_worker": "service-worker-loader.js"
  },
  "side_panel": {
    "default_path": "sidepanel.html"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "permissions": [
    "storage",
    "activeTab",
    "tabs",
    "sidePanel"
  ],
  "version_name": "1.3.2",
  "content_scripts": [
    {
      "js": [
        "assets/content-script.ts-loader-BFHWiJN-.js"
      ],
      "matches": [
        "https://chatgpt.com/*",
        "https://claude.ai/*",
        "https://gemini.google.com/*",
        "https://copilot.microsoft.com/*",
        "https://chat.deepseek.com/*",
        "https://grok.com/*",
        "https://www.perplexity.ai/*",
        "https://chat.mistral.ai/*",
        "https://huggingface.co/*",
        "https://poe.com/*",
        "https://github.com/*",
        "https://bolt.new/*",
        "https://lovable.dev/*",
        "https://v0.dev/*"
      ]
    }
  ],
  "host_permissions": [
    "https://chatgpt.com/*",
    "https://claude.ai/*",
    "https://gemini.google.com/*",
    "https://copilot.microsoft.com/*",
    "https://chat.deepseek.com/*",
    "https://grok.com/*",
    "https://www.perplexity.ai/*",
    "https://chat.mistral.ai/*",
    "https://huggingface.co/*",
    "https://poe.com/*",
    "https://github.com/*",
    "https://bolt.new/*",
    "https://lovable.dev/*",
    "https://v0.dev/*",
    "https://prompts.chat/*"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "**/*",
        "*"
      ],
      "use_dynamic_url": false
    },
    {
      "matches": [
        "https://bolt.new/*",
        "https://chat.deepseek.com/*",
        "https://chat.mistral.ai/*",
        "https://chatgpt.com/*",
        "https://claude.ai/*",
        "https://copilot.microsoft.com/*",
        "https://gemini.google.com/*",
        "https://github.com/*",
        "https://grok.com/*",
        "https://huggingface.co/*",
        "https://lovable.dev/*",
        "https://poe.com/*",
        "https://v0.dev/*",
        "https://www.perplexity.ai/*"
      ],
      "resources": [
        "assets/content-script.ts-BzXFfyo0.js"
      ],
      "use_dynamic_url": false
    }
  ]
}

by ✦ Astarte

prompts.chat

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (48 total):

Raw Manifest

Detections

Manifest Findings