NoteKitLM for NotebookLM: Better Workflow for Books, Web & ChatGPT Research
Version 1.4.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has very limited user adoption with only 404 users and just 4 reviews, despite a perfect 5.0 rating. The small user base makes it difficult to assess real-world reliability. The extension appears to integrate with popular AI platforms (ChatGPT, Claude, Gemini) and Google's NotebookLM, which suggests legitimate functionality for research workflows. However, the lack of developer information and company details raises transparency concerns.
The extension requests extremely broad permissions that far exceed what would be necessary for a research workflow tool. The debugger permission is particularly concerning as it allows manipulation of other extensions and browser debugging capabilities. The <all_urls> host permission combined with broad content script injection creates significant privacy and security risks. The downloads permission could enable unauthorized file downloads, while webNavigation tracking capabilities allow comprehensive browsing surveillance. These permissions collectively create potential for data theft, credential harvesting, and extensive user tracking across all websites.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with no saved passwords or sensitive data. Consider alternative research tools with more limited permissions. Monitor your browser's download history and network activity if using this extension. The broad permissions suggest either poor security practices or potentially malicious intent - the legitimate functionality likely doesn't require such extensive access.
Findings
Security Analysis Details
Required Permissions:
- sidePanel
- storage
- activeTab
- scripting
- debugger
- offscreen
- declarativeNetRequest
- downloads
- webNavigation
Host Permissions:
- https://notebooklm.google.com/*
- <all_urls>
Embedded URLs (97 total):
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://www.youtube.com/watch?v= | https://example.com/article1 | |
| https://example.com/article2 | https://www.youtube.com/playlist?list=... | |
| https://example.com/feed.xml | https://example.com/podcast/feed.xml | |
| https://example.com/article-list | https://ejemplo.com/articulo1 | |
| https://ejemplo.com/articulo2 | https://ejemplo.com/feed.xml | |
| https://ejemplo.com/lista-articulos | https://exemplo.com/artigo1 | |
| https://exemplo.com/artigo2 | https://exemplo.com/feed.xml | |
| https://exemplo.com/lista-artigos | https://exemple.com/article1 | |
| https://exemple.com/article2 | https://exemple.com/feed.xml | |
| https://exemple.com/liste-articles | https://beispiel.de/artikel1 | |
| https://beispiel.de/artikel2 | https://beispiel.de/feed.xml | |
| https://beispiel.de/artikelliste | https://esempio.com/articolo1 | |
| https://esempio.com/articolo2 | https://esempio.com/feed.xml | |
| https://esempio.com/lista-articoli | https://ornek.com/makale1 | |
| https://ornek.com/makale2 | https://ornek.com/feed.xml | |
| https://ornek.com/makale-listesi | https://notekitlm.com | |
| https://rmqschuadmlqkleyvgze.supabase.co | https://github.com/orgs/supabase/discussions/37217 | |
| https://feross.org/opensource | https://feross.org | |
| https://developer.mozilla.org/en-US/docs/Web/API/LockManager/request | https://notebooklm.google.com/notebook/ | |
| https://chromewebstore.google.com/detail/notekitlm-for-notebooklm/gbbjcgcggmbbedblaipngfghdfndpbba/reviews | https://docs.google.com/forms/d/e/1FAIpQLSet9NvOt_ffTDvdyXCbJnQwagkdu8XOzy-KEXD1DKOHCg80Fw/viewform | |
| https://www.google-analytics.com/debug/mp/collect | https://www.google-analytics.com/mp/collect | |
| https://www.youtube.com/playlist?list= | http://www.apache.org/licenses/LICENSE-2.0 | |
| http://example.com | https://foo.bar | |
| https://notekitlm.com/ | https://www.notekitlm.com/ | |
| https://www.notekitlm.com | https://github.com/markedjs/marked. | |
| https://notebooklm.google.com/_/LabsTailwindUi/data/batchexecute | https://notebooklm.google.com/?authuser= | |
| https://docs.google.com/document/d/ | https://docs.google.com/spreadsheets/d/ | |
| https://docs.google.com/presentation/d/ | https://drive.google.com/file/d/ | |
| https://www.notion.so | https://notebooklm.google.com/upload/_/?authuser= | |
| https://notebooklm.google.com/ | https://chatgpt.com/ | |
| https://chat.openai.com/ | https://claude.ai/ | |
| https://gemini.google.com/ | https://notekitlm.com/login?source=extension | |
| https://notekitlm.com/pricing | https://clients2.google.com/service/update2/crx | |
| https://github.com/Hopding/pdf-lib | https://www.youtube.com/embed/ | |
| https://news.ycombinator.com/ | https://news.ycombinator.com/item?id= | |
| https://reddit.com | http://www.xfa.org/schema/xci/ | |
| http://www.xfa.org/schema/xfa-connection-set/ | http://www.xfa.org/schema/xfa-data/ |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "icon16.plasmo.6c567d50.png", "32": "icon32.plasmo.76b92899.png", "48": "icon48.plasmo.aced7582.png", "64": "icon64.plasmo.8bb5e6e0.png", "128": "icon128.plasmo.3c1ed2d2.png" }, "action": { "default_icon": { "16": "icon16.plasmo.6c567d50.png", "32": "icon32.plasmo.76b92899.png", "48": "icon48.plasmo.aced7582.png", "64": "icon64.plasmo.8bb5e6e0.png", "128": "icon128.plasmo.3c1ed2d2.png" }, "default_popup": "popup.html" }, "author": "NoteKitLM", "version": "1.4.0", "background": { "service_worker": "static/background/index.js" }, "options_ui": { "page": "options.html", "open_in_tab": true }, "side_panel": { "default_path": "sidepanel.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "sidePanel", "storage", "activeTab", "scripting", "debugger", "offscreen", "declarativeNetRequest", "downloads", "webNavigation" ], "default_locale": "en", "content_scripts": [ { "js": [ "studio-injection.f5716f66.js" ], "css": [], "run_at": "document_start", "matches": [ "https://notebooklm.google.com/*" ], "all_frames": true }, { "js": [ "auth-sync.7240c2ef.js" ], "css": [], "run_at": "document_start", "matches": [ "https://notekitlm.com/*", "https://www.notekitlm.com/*", "https://*.netlify.app/*", "http://localhost:4321/*" ] }, { "js": [ "notebooklm-bulk-import-shortcut.9437cb2a.js" ], "css": [], "matches": [ "<all_urls>" ] }, { "js": [ "ai-conversation-sync.a9ef7de4.js" ], "css": [ "tabs/bulk-import.2a4c33d9.css" ], "run_at": "document_end", "matches": [ "https://chatgpt.com/*", "https://chat.openai.com/*", "https://claude.ai/*", "https://gemini.google.com/*", "https://*.web-sandbox.oaiusercontent.com/*" ], "all_frames": true }, { "js": [ "capture-job-ui.7b352a42.js" ], "css": [], "run_at": "document_end", "matches": [ "<all_urls>" ] } ], "host_permissions": [ "https://notebooklm.google.com/*", "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "assets/offscreen/offscreen.html", "assets/offscreen/offscreen.js", "assets/studio-interceptor.js", "assets/pdf-renderer.html", "assets/pdf.worker.min.mjs" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.