Extract Emails from PDF
Version 1.3.0 View in Chrome Web Store
Last scanned: 1 day ago
| force re-scan
Extension Details
Rating:
3.0 ★
(2 ratings)
Users:
1,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Overall Risk
Trust Factors: This extension has several concerning trust indicators. With only 1,000 users and a low 3.0 rating from just 2 reviews, it lacks widespread adoption and user confidence. The absence of clear author and developer information raises transparency concerns, making it difficult to verify the extension's legitimacy or contact support if issues arise.
Concerns:
- The broad host permissions to "productivityimprover.com" and localhost appear excessive for a PDF email extraction tool, potentially allowing data collection from unrelated websites
- The unsafe WebAssembly execution policy ('wasm-unsafe-eval') creates security vulnerabilities by allowing potentially malicious code to run hidden from standard security checks
- The combination of storage permissions with broad host access could enable unauthorized data harvesting and storage
- The localhost permission is particularly suspicious as it could allow access to local development servers or services
- Low user adoption and poor ratings suggest potential functionality or security issues
Recommendations:
Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing data. Given the security findings and trust concerns, you might want to explore alternative PDF email extraction tools with better security practices, higher user ratings, and more transparent developer information. If you must use this extension, avoid using it on sensitive websites and regularly review what data it may have stored.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
Unsafe WebAssembly Execution
This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- scripting
Host Permissions:
- *://*.productivityimprover.com/*
- http://localhost/*
Content Security Policy:
- extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'
Embedded URLs (126 total):
| https://www.productivityimprover.com | https://forms.gle/V3qgdzQJdLqVPC787 | |
| http://getbootstrap.com | https://github.com/twbs/bootstrap/blob/master/LICENSE | |
| https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css | https://fonts.googleapis.com/css2?family=Inter:wght@400 | |
| http://fontawesome.io | http://fontawesome.io/license | |
| http://www.w3.org/2000/svg | http://www.apache.org/licenses/LICENSE-2.0 | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/1999/xlink | |
| http://www.xfa.org/schema/xci/ | http://www.xfa.org/schema/xfa-connection-set/ | |
| http://www.xfa.org/schema/xfa-data/ | http://www.xfa.org/schema/xfa-form/ | |
| http://www.xfa.org/schema/xfa-locale-set/ | http://ns.adobe.com/xdp/pdf/ | |
| http://www.w3.org/2000/09/xmldsig# | http://www.xfa.org/schema/xfa-source-set/ | |
| http://www.w3.org/1999/XSL/Transform | http://www.xfa.org/schema/xfa-template/ | |
| http://www.xfa.org/schema/xdc/ | http://ns.adobe.com/xdp/ | |
| http://ns.adobe.com/xfdf/ | http://www.w3.org/1999/xhtml | |
| http://ns.adobe.com/xmpmeta/ | http://www.xfa.org/schema/xfa-data/1.0/ | |
| https://cdn.jsdelivr.net/npm/tesseract.js@v | https://github.com/naptha/tesseract.js.git | |
| https://github.com/naptha/tesseract.js/issues | https://github.com/naptha/tesseract.js | |
| https://opencollective.com/tesseractjs | https://cdn.jsdelivr.net/npm/tesseract.js-core@v | |
| https://unpkg.com/tesseract.js@5/dist/tesseract.min.js | https://unpkg.com/tesseract.js@5/dist/worker.min.js | |
| https://unpkg.com/tesseract.js-core@5/tesseract-core.wasm.js | https://tessdata.projectnaptha.com/4.0.0/eng.traineddata.gz | |
| https://github.com/Semantic-Org/Semantic-UI | http://www.semantic-ui.com/ | |
| http://opensource.org/licenses/MIT | https://fonts.googleapis.com/css?family=Lato:400 | |
| http://github.com/semantic-org/semantic-ui/ | http://www.famfamfam.com/lab/icons/flags/ | |
| https://fontawesome.com/license | https://github.com/daneden/animate.css | |
| https://github.com/nickpettit/glide | https://github.com/Semantic-Org/UI-Transition | |
| https://github.com/asual/jquery-address | https://gist.github.com/2134376 | |
| https://www.w3.org/Bugs/Public/show_bug.cgi?id=16328 | http://www.learnsemantic.com | |
| http://www.semantic-ui.com | https://github.com/Semantic-Org/Semantic-UI/issues | |
| https://fontawesome.com | http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd | |
| http://sheetjs.com | http://purl.org/dc/elements/1.1/ | |
| http://purl.org/dc/terms/ | http://purl.org/dc/dcmitype/ | |
| http://schemas.microsoft.com/office/mac/excel/2008/main | http://schemas.openxmlformats.org/officeDocument/2006/relationships | |
| http://schemas.openxmlformats.org/package/2006/sheetjs/core-properties | http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes | |
| http://www.w3.org/2001/XMLSchema-instance | http://www.w3.org/2001/XMLSchema | |
| http://schemas.openxmlformats.org/spreadsheetml/2006/main | http://purl.oclc.org/ooxml/spreadsheetml/main | |
| http://schemas.microsoft.com/office/excel/2006/main | http://schemas.microsoft.com/office/excel/2006/2 | |
| http://www.w3.org/TR/REC-html40 | http://schemas.openxmlformats.org/package/2006/content-types | |
| http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument | http://sheetjs.openxmlformats.org/officeDocument/2006/relationships/officeDocument | |
| http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink | http://schemas.openxmlformats.org/officeDocument/2006/relationships/vmlDrawing | |
| http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLinkPath | http://schemas.microsoft.com/office/2006/relationships/xlExternalLinkPath/xlPathMissing | |
| http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLink | http://schemas.microsoft.com/office/2006/relationships/vbaProject |
Page 1 of 2
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "icons/icon16.png", "32": "icons/icon32.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }, "action": { "default_icon": "icons/icon48.png", "default_popup": "popup.html", "default_title": "__MSG_extDesc__" }, "version": "1.3.0", "background": { "service_worker": "bg.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDesc__", "permissions": [ "storage", "scripting" ], "default_locale": "en", "host_permissions": [ "*://*.productivityimprover.com/*", "http://localhost/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "help.html", "auth/pay/*", "dashboard.html", "injected.js", "css/*", "lib/tesseract/*", "lib/tesseract/tessdata/*", "lib/psl/*", "js/ocr.worker.js" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -