Mapify - AI Summarizer & Mind Map Generator for YouTube, PDFs, and Webpages
Version 1.6.3 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension comes from XMIND LTD., a legitimate company known for mind mapping software, which adds some credibility. With 100,000 users and a 4.4-star rating from 22 reviews, it shows reasonable adoption and user satisfaction. The functionality described (AI summarization and mind mapping for various content types) aligns with XMIND's core business.
The extension's permissions are extremely broad and concerning for its stated purpose. The combination of cookies access, tabs permission, and universal host permissions creates a powerful surveillance capability. The ability to inject content scripts into all websites means it can read everything you do online, including sensitive information like passwords, banking details, and private communications. The cookies permission allows it to access authentication tokens and session data across all sites. These permissions far exceed what's necessary for summarizing content and creating mind maps.
Given the critical risk level, consider running this extension in a completely separate Chrome profile dedicated only to content you're comfortable having monitored. Alternatively, look for similar tools that operate as standalone web applications rather than browser extensions. If you must use it, regularly review what data it might be collecting and consider using it only on non-sensitive websites. The broad permissions make this extension capable of comprehensive data harvesting regardless of the developer's intentions.
Findings
Security Analysis Details
Required Permissions:
- cookies
- storage
- contextMenus
- scripting
- tabs
Host Permissions:
- <all_urls>
Embedded URLs (17 total):
| https://mapify.so | https://chrome.google.com/webstore | |
| https://chromewebstore.google.com/ | https://clients2.google.com/service/update2/crx | |
| http://www.w3.org/2000/svg | https://vuejs.org/error-reference/#runtime- | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xlink | |
| https://api-js.mixpanel.com | https://mixpanel.com | |
| https://cdn.mxpnl.com | https://cdn.mxpnl.com/libs/mixpanel-recorder.min.js | |
| https://plausible.io | https://github.com/lancedikson/bowser | |
| https://github.com/wxt-dev/wxt/issues/371 | https://wxt.dev/guide/go-further/testing.html | |
| https://html.spec.whatwg.org/multipage/custom-elements.html#valid-custom-element-name |
Raw Manifest
{ "name": "__MSG_name__", "icons": { "16": "icons/16.png", "32": "icons/32.png", "48": "icons/48.png", "128": "icons/128.png" }, "action": { "default_popup": "popup.html", "default_title": "Mapify Popup" }, "version": "1.6.3", "commands": { "summarize": { "description": "__MSG_extSummarizeShortcutDesc__", "suggested_key": { "default": "Alt+M" } } }, "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDesc__", "permissions": [ "cookies", "storage", "contextMenus", "scripting", "tabs" ], "default_locale": "en_US", "content_scripts": [ { "js": [ "content-scripts/content.js" ], "matches": [ "<all_urls>" ] } ], "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "content-scripts/content.css" ] } ], "browser_specific_settings": { "gecko": { "data_collection_permissions": { "optional": [ "technicalAndInteraction" ], "required": [ "websiteContent", "authenticationInfo" ] } } } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.