[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

ChatGPT PromptCounter

Version 1.2.1 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Rating: 4.7 ★

Users: 19

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has extremely limited adoption with only 19 users, which raises concerns about its legitimacy and testing. While it maintains a 4.7 rating, the small user base makes this rating less meaningful. The lack of developer information and company details further reduces trustworthiness. The extension appears to target ChatGPT users for prompt counting functionality.

Concerns:

The most significant red flag is the content script injection across all URLs (<all_urls>) combined with broad host permissions. For an extension that claims to count ChatGPT prompts, there's no justification for accessing every website you visit. This creates massive potential for data harvesting, credential theft, and privacy violations. The activeTab and storage permissions, while individually reasonable, become concerning when combined with the overly broad access. The extension could monitor all your browsing activity, not just ChatGPT usage.

Recommendations:

Given the high risk profile, avoid installing this extension entirely. If you absolutely need prompt counting functionality, look for alternatives with better security practices and larger user bases. If you must use it, create a dedicated Chrome profile isolated from your main browsing and only use it when accessing ChatGPT. Never enter sensitive information while this extension is active. Consider using ChatGPT in an incognito window instead, or look for prompt counting tools that don't require browser extensions.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "ChatGPT PromptCounter",
  "icons": {
    "48": "icon.png"
  },
  "action": {
    "default_icon": {
      "48": "icon.png"
    },
    "default_popup": "popup.html"
  },
  "version": "1.2.1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Counts user prompts to ChatGPT",
  "permissions": [
    "storage",
    "activeTab"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "css": [
        "styles.css"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "https://chat.openai.com/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

ChatGPT PromptCounter

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://chat.openai.com/
https://chat.openai.com	https://nestolobo.github.io/extension-image-hosting/chatgptcounter.png