[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Add to CRM for Freshworks: Free B2B Prospecting Integration

Version 5.6.6 View in Chrome Web Store

Last scanned: about 9 hours ago

Extension Details

Rating: 2.0 ★ (1 rating)

Users: 63

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has very limited adoption with only 63 users and a concerning 2.0 rating from just 1 review, indicating poor user satisfaction. The lack of developer information and company details raises transparency concerns. While the extension claims to integrate with Freshworks CRM for B2B prospecting, the minimal user base and poor rating suggest either quality issues or limited market acceptance.

Concerns:

The extension requests extremely broad permissions that far exceed what's necessary for CRM integration. The <all_urls> host permission combined with content script injection capabilities across major email platforms (Gmail, Outlook) and Google services creates significant privacy and security risks. The tabs permission allows monitoring of browsing activity, while the broad content script access could enable data harvesting from sensitive business communications. The extension can access and potentially modify content on virtually any website you visit, not just the stated CRM-related sites.

Recommendations:

Given the high-risk profile and poor user feedback, consider avoiding this extension entirely. If CRM integration is essential, research well-established alternatives with better ratings and transparent developers. If you must use it, run it in a completely separate Chrome profile isolated from your main browsing and business accounts. Regularly audit what data the extension might be accessing and consider the potential exposure of sensitive business communications and client information.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
tabs
sidePanel
scripting
contextMenus

Host Permissions:

<all_urls>

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://api.addtocrm.com https://addtocrm.com;

Embedded URLs (22 total):

https://addtocrm.com	https://www.addtocrm.com
https://app.addtocrm.com	https://react.dev/errors/
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
https://addtocrm.com/dashboard/billing	https://www.youtube.com/watch?v=jlwDpiQBX1Q
https://www.linkedin.com/in/philmcp/	https://addtocrm.com/contact
https://api.addtocrm.com	https://www.linkedin.com/in/
https://linkedin.com/in/	https://www.linkedin.com/company/
https://linkedin.com/company/	https://www.linkedin.com
https://linkedin.com	https://clients2.google.com/service/update2/crx
https://linkedin.com/	https://addtocrm.com/

Raw Manifest

{
  "name": "Add to CRM for Freshworks: Free B2B Prospecting Integration",
  "icons": {
    "16": "img/icon/default16.png",
    "48": "img/icon/default48.png",
    "128": "img/icon/default128.png"
  },
  "action": {
    "default_title": "Add to CRM for Freshworks: Free B2B Prospecting Integration"
  },
  "author": {
    "url": "https://addtocrm.com",
    "name": "Add to CRM",
    "email": "phil@addtocrm.com"
  },
  "version": "5.6.6",
  "commands": {
    "toggle-panel": {
      "description": "Toggle Add to CRM panel (custom shortcut)"
    },
    "_execute_action": {
      "description": "Toggle Add to CRM panel",
      "suggested_key": {
        "mac": "Alt+A",
        "default": "Alt+A"
      }
    }
  },
  "background": {
    "type": "module",
    "service_worker": "background.bundle.js"
  },
  "side_panel": {
    "default_path": "sidepanel.html"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Find verified emails & phone numbers for any prospect. Add them to Freshworks with 1-click. 220M+ contacts.",
  "permissions": [
    "storage",
    "tabs",
    "sidePanel",
    "scripting",
    "contextMenus"
  ],
  "content_scripts": [
    {
      "js": [
        "contentScripts.bundle.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "*://mail.google.com/*",
        "*://gmail.com/*",
        "*://outlook.office.com/*",
        "*://outlook.office365.com/*",
        "*://outlook.live.com/*",
        "*://outlook.cloud.microsoft/*",
        "*://addtocrm.com/*",
        "*://api.addtocrm.com/*",
        "*://www.google.com/maps*",
        "*://www.google.com/search*",
        "*://www.google.co.uk/maps*",
        "*://www.google.co.uk/search*",
        "*://www.google.ca/maps*",
        "*://www.google.ca/search*",
        "*://www.google.com.au/maps*",
        "*://www.google.com.au/search*",
        "*://www.google.de/maps*",
        "*://www.google.de/search*",
        "*://www.google.fr/maps*",
        "*://www.google.fr/search*",
        "*://www.google.es/maps*",
        "*://www.google.es/search*",
        "*://www.google.it/maps*",
        "*://www.google.it/search*",
        "*://www.google.co.in/maps*",
        "*://www.google.co.in/search*",
        "*://www.google.co.jp/maps*",
        "*://www.google.co.jp/search*",
        "*://www.google.com.br/maps*",
        "*://www.google.com.br/search*",
        "*://www.google.nl/maps*",
        "*://www.google.nl/search*",
        "*://www.google.se/maps*",
        "*://www.google.se/search*",
        "*://www.google.co.nz/maps*",
        "*://www.google.co.nz/search*"
      ],
      "exclude_globs": [
        "https://linkedin.com/*",
        "*://*.linkedin.com/*"
      ],
      "exclude_matches": [
        "*://linkedin.com/*",
        "*://*.linkedin.com/*"
      ]
    },
    {
      "js": [
        "appBridge.bundle.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "https://addtocrm.com/*",
        "https://*.addtocrm.com/*"
      ],
      "exclude_globs": [
        "https://linkedin.com/*",
        "*://*.linkedin.com/*"
      ],
      "exclude_matches": [
        "*://linkedin.com/*",
        "*://*.linkedin.com/*"
      ]
    },
    {
      "js": [
        "textExpander.bundle.js"
      ],
      "run_at": "document_idle",
      "matches": [
        "<all_urls>"
      ],
      "exclude_globs": [
        "https://linkedin.com/*",
        "*://*.linkedin.com/*"
      ],
      "exclude_matches": [
        "*://linkedin.com/*",
        "*://*.linkedin.com/*"
      ]
    }
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://api.addtocrm.com https://addtocrm.com;"
  }
}

by ✦ Astarte

Add to CRM for Freshworks: Free B2B Prospecting Integration

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (22 total):

Raw Manifest

Detections

Manifest Findings