MerciApp - AI Writing Assistant
Version 3.96.0 View in Chrome Web Store
Last scanned: about 1 hour ago
Extension Details
Developer:
J2S3
Rating:
4.5 ★
(134 ratings)
Users:
80,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Overall Risk
Trust Factors:
The extension has a solid user base of 80,000 users and maintains a good rating of 4.5 stars from 134 reviews, suggesting legitimate functionality. The developer J2S3 appears to be associated with MerciApp, which positions itself as an AI writing assistant. The manifest version 3 compliance indicates modern security standards. However, the limited developer information and lack of clear company details reduce transparency.
Concerns:
The permission set is extremely broad for a writing assistant. Clipboard read/write access could expose sensitive copied data like passwords or personal information. The cookies permission allows tracking across websites and potential session hijacking. Universal host permissions (*://*/*) grant access to all websites, far exceeding what's necessary for writing assistance. The tabs permission enables monitoring of browsing activity. Content script injection on Google Docs and all websites creates extensive data collection opportunities. This permission combination allows comprehensive user surveillance and data harvesting.
Recommendations:
Given the critical risk level, run this extension in a completely separate Chrome profile isolated from personal browsing and sensitive accounts. Avoid copying passwords or confidential information while the extension is active. Regularly review what data the extension might be collecting. Consider alternative writing tools with more limited permissions. If you must use this extension, disable it when not actively writing and monitor for any suspicious browser behavior or unexpected clipboard modifications.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: clipboardRead
This extension has the clipboardRead permission. Can read clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: clipboardWrite
This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- activeTab
- alarms
- clipboardRead
- clipboardWrite
- cookies
- storage
- tabs
- sidePanel
- offscreen
- scripting
Host Permissions:
- http://*/*
- https://*/*
Content Security Policy:
- extension_pages: script-src 'self'; font-src 'self' https://assets.merci-app.com/; object-src 'self';
Embedded URLs (182 total):
| https://assets.merci-app.com/fonts/Inter-Regular.woff2 | https://assets.merci-app.com/fonts/Inter-Medium.woff2 | |
| https://assets.merci-app.com/fonts/Inter-Medium.woff | https://assets.merci-app.com/fonts/Inter-SemiBold.woff2 | |
| https://assets.merci-app.com/fonts/Inter-SemiBold.woff | https://assets.merci-app.com/fonts/Inter-Bold.woff2 | |
| https://assets.merci-app.com/fonts/Inter-Bold.woff | https://assets.merci-app.com/fonts/Inter-ExtraBold.woff2 | |
| https://assets.merci-app.com/fonts/Inter-ExtraBold.woff | https://assets.merci-app.com/fonts/Tropiline-Bold.woff2 | |
| https://assets.merci-app.com/fonts/Tropiline-Bold.woff | https://npms.io/search?q=ponyfill. | |
| http://momentjs.com/guides/#/warnings/define-locale/ | http://momentjs.com/guides/#/warnings/js-date/ | |
| http://momentjs.com/guides/#/warnings/min-max/ | http://momentjs.com/guides/#/warnings/add-inverted-param/ | |
| http://momentjs.com/guides/#/warnings/zone/ | http://momentjs.com/guides/#/warnings/dst-shifted/ | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://github.com/styled-components/polished/blob/main/src/internalHelpers/errors.md# | https://github.com/styled-components/styled-components/blob/main/packages/styled-components/src/utils/errors.md# | |
| https://reactjs.org/docs/lists-and-keys.html#keys | https://reactjs.org/docs/reconciliation.html#recursing-on-children | |
| https://github.com/Kukkimonsuta/inversify-react/blob/v0.5.0/src/provider.tsx | http://fb.me/use-check-prop-types | |
| https://public.refiner.io/s/m4z43d/b7179da0-bd31-11eb-af96-95ed3308c912?contact_email= | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Regular.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Regular.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Medium.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Medium.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Bold.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Bold.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Italic.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-Italic.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-SemiBold.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-SemiBold.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-ExtraBold.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-ExtraBold.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-SemiBoldItalic.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Inter-SemiBoldItalic.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Tropiline-SemiBold.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Tropiline-SemiBold.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Tropiline-Bold.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Tropiline-Bold.woff2 | https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Tropiline-ExtraBold.woff | |
| https://p-merci-assets.s3.eu-west-3.amazonaws.com/fonts/Tropiline-ExtraBold.woff2 | https://github.com/syntax-tree/hast-util-to-jsx-runtime | |
| https://github.com/remarkjs/react-markdown/blob/main/changelog.md | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://github.com/zloirock/core-js/blob/v3.25.5/LICENSE | https://github.com/zloirock/core-js | |
| https://public.refiner.io/s/m4z43d/5a0c8840-bc96-11eb-9d80-1b9457d9abec?contact_email= | https://aide.merci-app.com | |
| https://web.merci-app.com | https://web.merci-app.com/u/ | |
| https://web.merci-app.com?cello-open=invite | https://web.merci-app.com/u/account | |
| https://web.merci-app.com/registration | https://public.refiner.io/s/m4z43d/5a0c8840-bc96-11eb-9d80-1b9457d9abec?&response_je_veux=signaler%20un%20bug&contact_email= | |
| https://aide.merci-app.com/fr/article/comment-activer-lautocorrection-sur-lextension-merciapp-1o6nv2r/?bust=1692952130288#1-sur-quels-sites-lautocorrection-fonctionne-t-elle | https://prosemirror.net/docs/guide/#generatable | |
| https://www.paris-turf.com/actualites/france/lundi-27-octobre-2025-a-chantilly-prix-miesque-gr-iii-half-sovereign-repond-present-malgre-les-incertitudes-301618929032 | https://www.paris-turf.com/actualites/france/dimanche-24-aout-2025-a-deauville-sumbe-prix-du-calvados-gr-ii-my-highness-pulverise-le-record-301392712509 | |
| https://www.paris-turf.com/actualites/france/samedi-11-octobre-2025-a-chantilly-criterium-de-maisons-laffitte-gr-ii-samangan-peut-viser-groupe-i-en-2026-301561904925 | https://www.paris-turf.com/actualites/france/mardi-7-avril-2026-a-deauville-prix-djebel-et-imprudence-gr-iii-my-highness-et-samangan-en-vedette-302166296858 | |
| https://aide.merci-app.com/fr/article/comment-contextualiser-ma-demande-1b6pbi8/ | https://reactrouter.com/en/main/routers/picking-a-router. | |
| https://aide.merci-app.com/fr/article/quest-ce-quun-assistant-ia-maia-1po6t6p/ | https://assets.merci-app.com/fonts/FiraMono-Regular.woff | |
| https://assets.merci-app.com/fonts/FiraMono-Regular.woff2 | https://assets.merci-app.com/fonts/Inter-Regular.woff | |
| https://assets.merci-app.com/fonts/Inter-Italic.woff | https://assets.merci-app.com/fonts/Inter-Italic.woff2 | |
| https://assets.merci-app.com/fonts/Inter-SemiBoldItalic.woff | https://assets.merci-app.com/fonts/Inter-SemiBoldItalic.woff2 |
Page 1 of 3
Raw Manifest
{ "name": "__MSG_extensionName__", "icons": { "64": "static/metadata/merci-icon-64-production.png", "128": "static/metadata/merci-icon-128-production.png" }, "action": { "chrome_style": false, "default_icon": { "64": "static/metadata/merci-icon-64-production.png", "128": "static/metadata/merci-icon-128-production.png" }, "default_popup": "popup.html", "default_title": "MerciApp" }, "author": "MerciApp", "version": "3.96.0", "commands": { "maia-open-interviewer": { "description": "Open the Transform prompt", "suggested_key": { "mac": "Alt+M", "default": "Alt+M", "windows": "Alt+M" } } }, "background": { "service_worker": "background.js" }, "short_name": "MerciApp", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extensionDescription__", "permissions": [ "activeTab", "alarms", "clipboardRead", "clipboardWrite", "cookies", "storage", "tabs", "sidePanel", "offscreen", "scripting" ], "homepage_url": "https://www.merci-app.com", "default_locale": "en", "content_scripts": [ { "js": [ "index.js" ], "matches": [ "http://*/*", "https://*/*" ], "all_frames": true, "match_about_blank": true }, { "js": [ "gdocs.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "*://docs.google.com/document/*" ], "all_frames": true } ], "host_permissions": [ "http://*/*", "https://*/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://*.merci-app.com/*" ] }, "minimum_chrome_version": "90", "content_security_policy": { "extension_pages": "script-src 'self'; font-src 'self' https://assets.merci-app.com/; object-src 'self';" }, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "/static/*", "/content.js", "/content-chunks/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -