TwExportly: Export Tweets From Any Account
Version 2.29 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 10,000 users, which suggests some level of adoption. However, the relatively low rating of 3.2 out of 5 stars with only 20 reviews raises concerns about user satisfaction and potential issues. The developer 100xtools.com appears to be a tools-focused company, but limited information about their reputation makes it difficult to assess trustworthiness fully.
The webRequest permission is particularly concerning for a tweet export tool, as this allows the extension to intercept and potentially modify all web traffic. This capability far exceeds what would be necessary for simply exporting tweets. The broad host permissions, while limited to Twitter/X domains, still grant extensive access to user activity on these platforms. The combination of these permissions creates potential for data harvesting beyond the stated purpose of tweet export.
Given the high-risk permissions that seem excessive for the extension's stated functionality, consider running this extension in a separate Chrome profile to isolate it from your main browsing activities. Before installation, verify that tweet export functionality truly requires webRequest permissions by checking if alternative extensions with more limited permissions exist. Monitor the extension's behavior closely and remove it immediately if you notice any suspicious network activity or unexpected data requests.
Findings
Security Analysis Details
Required Permissions:
- storage
- webRequest
- scripting
Host Permissions:
- *://*.twitter.com/*
- *://*.x.com/*
Embedded URLs (18 total):
| http://www.w3.org/2000/svg | https://developer.mozilla.org/en-US/docs/Web/API/LockManager/request | |
| https://gzjiestwskghydibutib.supabase.co | https://api-js.mixpanel.com | |
| https://mixpanel.com | https://cdn.mxpnl.com | |
| https://api.mixpanel.com/track?ip=1&verbose=1 | https://100xtools.com/twexportly/signin | |
| https://100xtools.com/twexportly/pricing | https://100xtools.com/twexportly/pricing?ext_id= | |
| https://100xtools.lemonsqueezy.com/billing | https://100xtools.com/twexportly/signin?ext_id= | |
| https://chrome.google.com/webstore/detail/ | https://account.100xtools.com/api/products/62560/subscriptions/mine | |
| https://static.100xtools.com/settings/twexportly.json?now= | https://app.lemonsqueezy.com/my-orders | |
| https://clients2.google.com/service/update2/crx | https://100xtools.com/ |
Raw Manifest
{ "name": "__MSG_extName__", "icons": { "16": "src/assets/icons/16.png", "32": "src/assets/icons/32.png", "48": "src/assets/icons/48.png", "128": "src/assets/icons/128.png" }, "action": { "default_icon": { "16": "src/assets/icons/16.png", "32": "src/assets/icons/32.png", "48": "src/assets/icons/48.png", "128": "src/assets/icons/128.png" }, "default_popup": "src/popup/popup.html" }, "version": "2.29", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "storage", "webRequest", "scripting" ], "default_locale": "en", "content_scripts": [ { "js": [ "assets/twmodule.js.19e82c8a.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "*://*.twitter.com/*", "*://*.x.com/*" ] } ], "host_permissions": [ "*://*.twitter.com/*", "*://*.x.com/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://100xtools.com/*", "https://*.x.com/*", "https://*.twitter.com/*" ] }, "web_accessible_resources": [ { "matches": [ "*://*.twitter.com/*", "*://*.x.com/*" ], "resources": [ "assets/index.d763c43b.js", "assets/constant.7c24a6fb.js", "assets/Twitter.svelte_svelte_type_style_lang.3931b606.js", "assets/content.ts.313fff1f.js", "assets/twmodule.js.19e82c8a.js", "assets/subscription.de645634.js", "assets/twitter.ts.a5f0cb95.js", "assets/Twitter.inject.css" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.