Extension Details
Developer:
juicebox.ai
Rating:
3.7 ★
(11 ratings)
Users:
3,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
CRITICAL
Overall Risk
Trust Factors:
The extension has a relatively small user base of 3,000 users with a modest 3.7-star rating from only 11 reviews, indicating limited community validation. The developer appears to be associated with juicebox.ai, which suggests a legitimate AI-focused company. However, the low number of reviews relative to users raises some concerns about user engagement or satisfaction.
Concerns:
The extension requests extensive permissions that seem excessive for typical productivity tools. The combination of tabs, webNavigation, and downloads permissions creates a powerful surveillance capability that could track all browsing activity and file downloads. The broad host permissions extending beyond just the company's domains to include major email providers (Gmail, Outlook) suggests potential data harvesting from sensitive communications. The localhost permission indicates development/testing access that should typically be removed from production versions. The content script injection into email platforms is particularly concerning as it could access private correspondence.
Recommendations:
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with minimal sensitive data and avoid accessing email or confidential websites while the extension is active. Consider contacting the developer to understand why such broad permissions are necessary for the extension's stated functionality. Monitor your download history and browsing data for any unexpected activity if you choose to proceed with installation.
Findings
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: downloads
This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webNavigation
This extension has the webNavigation permission. Can track your web navigation. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- tabs
- webNavigation
- downloads
- downloads.open
Host Permissions:
- http://localhost:3000/*
- https://chat.juicebox.work/*
- https://gpt.juicebox.work/*
Embedded URLs (399 total):
| http://www.w3.org/2000/svg | https://reactjs.org/docs/error-decoder.html?invariant= | |
| http://www.w3.org/1999/xlink | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://help.juicebox.work/ | https://mui.com/production-error/?code= | |
| http://fb.me/use-check-prop-types | https://mui.com/r/caveat-with-refs-guide | |
| https://bugs.webkit.org/show_bug.cgi?id=68196 | https://gpt.juicebox.work | |
| https://chat.juicebox.work | https://gpt.juicebox.ai | |
| https://mail.google.com/ | https://outlook.live.com/ | |
| https://outlook.office.com/ | https://securetoken.googleapis.com/v1/token?key=AIzaSyBP5tMzJvUAQdttr6bPqyur5BG2AUaQ3lA | |
| https://clients2.google.com/service/update2/crx | https://chat.juicebox.work/ | |
| https://gpt.juicebox.work/ | https://docs.juicebox.work/profile-view#:~:text=Global%20Uni%2C%20etc.- | |
| http://momentjs.com/guides/#/warnings/define-locale/ | http://momentjs.com/guides/#/warnings/js-date/ | |
| http://momentjs.com/guides/#/warnings/min-max/ | http://momentjs.com/guides/#/warnings/add-inverted-param/ | |
| http://momentjs.com/guides/#/warnings/zone/ | http://momentjs.com/guides/#/warnings/dst-shifted/ | |
| https://circumicons.com/ | https://github.com/Klarr-Agency/Circum-Icons/blob/main/LICENSE | |
| https://fontawesome.com/ | https://creativecommons.org/licenses/by/4.0/ | |
| https://ionicons.com/ | https://github.com/ionic-team/ionicons/blob/master/LICENSE | |
| http://google.github.io/material-design-icons/ | https://github.com/google/material-design-icons/blob/master/LICENSE | |
| http://s-ings.com/typicons/ | https://creativecommons.org/licenses/by-sa/3.0/ | |
| https://octicons.github.com/ | https://github.com/primer/octicons/blob/master/LICENSE | |
| https://feathericons.com/ | https://github.com/feathericons/feather/blob/master/LICENSE | |
| https://lucide.dev/ | https://github.com/lucide-icons/lucide/blob/main/LICENSE | |
| https://game-icons.net/ | https://creativecommons.org/licenses/by/3.0/ | |
| https://erikflowers.github.io/weather-icons/ | http://scripts.sil.org/OFL | |
| https://vorillaz.github.io/devicons/ | https://opensource.org/licenses/MIT | |
| https://github.com/ant-design/ant-design-icons | https://github.com/twbs/icons | |
| https://github.com/Remix-Design/RemixIcon | http://www.apache.org/licenses/ | |
| https://github.com/icons8/flat-color-icons | https://github.com/grommet/grommet-icons | |
| https://github.com/tailwindlabs/heroicons | https://simpleicons.org/ | |
| https://creativecommons.org/publicdomain/zero/1.0/ | https://thesabbir.github.io/simple-line-icons/ | |
| https://github.com/Keyamoon/IcoMoon-Free | https://github.com/Keyamoon/IcoMoon-Free/blob/master/License.txt | |
| https://github.com/atisawd/boxicons | https://github.com/atisawd/boxicons/blob/master/LICENSE | |
| https://github.com/astrit/css.gg | https://github.com/microsoft/vscode-codicons | |
| https://github.com/tabler/tabler-icons | https://github.com/lykmapipo/themify-icons | |
| https://github.com/thecreation/standard-icons/blob/master/modules/themify-icons/LICENSE | https://icons.radix-ui.com | |
| https://github.com/radix-ui/icons/blob/master/LICENSE | https://github.com/phosphor-icons/core | |
| https://github.com/phosphor-icons/core/blob/main/LICENSE | https://icons8.com/line-awesome | |
| https://github.com/icons8/line-awesome/blob/master/LICENSE.md | https://prosemirror.net/docs/guide/#generatable | |
| https://s1370849.us-east-9.betterstackdata.com | https://in.logs.betterstack.com | |
| https://feross.org/opensource | https://feross.org |
Page 1 of 5
Raw Manifest
{ "name": "Juicebox Chrome Extension", "icons": { "16": "icon16.plasmo.6c567d50.png", "32": "icon32.plasmo.76b92899.png", "48": "icon48.plasmo.aced7582.png", "64": "icon64.plasmo.8bb5e6e0.png", "128": "icon128.plasmo.3c1ed2d2.png" }, "action": { "default_icon": { "16": "icon16.plasmo.6c567d50.png", "32": "icon32.plasmo.76b92899.png", "48": "icon48.plasmo.aced7582.png", "64": "icon64.plasmo.8bb5e6e0.png", "128": "icon128.plasmo.3c1ed2d2.png" }, "default_popup": "popup.html" }, "author": "Juicebox <developers@juicebox.ai>", "version": "0.8.7", "background": { "service_worker": "static/background/index.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Juicebox Chrome Extension", "permissions": [ "storage", "tabs", "webNavigation", "downloads", "downloads.open" ], "content_scripts": [ { "js": [ "content.883ade9e.js" ], "css": [ "content.bc8724f7.css" ], "matches": [ "https://mail.google.com/*", "https://outlook.live.com/*", "https://outlook.office.com/*", "http://localhost:3000/*", "https://chat.juicebox.work/*", "https://gpt.juicebox.work/*" ], "all_frames": false } ], "host_permissions": [ "http://localhost:3000/*", "https://chat.juicebox.work/*", "https://gpt.juicebox.work/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "http://localhost:3000/*", "https://chat.juicebox.work/*", "https://gpt.juicebox.work/*", "https://outlook.live.com/*", "https://outlook.office.com/*", "https://mail.google.com/*" ], "resources": [ "assets/pdf.worker.min.mjs", "assets/icons/icon16.dark.png", "assets/icons/icon48.dark.png", "assets/icons/icon128.dark.png", "assets/icons/icon16.light.png", "assets/icons/icon48.light.png", "assets/icons/icon128.light.png" ] }, { "matches": [ "https://mail.google.com/*", "https://outlook.live.com/*", "https://outlook.office.com/*", "http://localhost:3000/*", "https://chat.juicebox.work/*", "https://gpt.juicebox.work/*" ], "resources": [ "jbblackicon.dd77a5dc.svg", "jswhiteicon.524a39a1.svg", "content.c07f7572.png", "content.ea775b97.png", "content.755f3be2.png", "content.aae30a76.png", "content.592be18f.png", "content.1d94a97e.png", "content.e57ed51c.webp", "content.fca4ee17.webp", "content.3297b1be.png", "content.caaa0f47.png", "content.cb750f1a.png", "content.d8710e8c.png", "content.224f42a7.png", "content.db790d81.png", "inter-cyrillic-ext-400-normal.2189ad25.woff2", "inter-cyrillic-ext-400-normal.fdf8ab44.woff", "inter-cyrillic-400-normal.a7b77786.woff2", "inter-cyrillic-400-normal.be7400fd.woff", "inter-greek-ext-400-normal.b54fc9fe.woff2", "inter-greek-ext-400-normal.32270891.woff", "inter-greek-400-normal.992de89e.woff2", "inter-greek-400-normal.86d103c9.woff", "inter-vietnamese-400-normal.879b3689.woff2", "inter-vietnamese-400-normal.fbca0e06.woff", "inter-latin-ext-400-normal.cf9fe808.woff2", "inter-latin-ext-400-normal.6c235d2f.woff", "inter-latin-400-normal.5b35d278.woff2", "inter-latin-400-normal.ef058ad3.woff", "content.b4ca9838.css" ] } ], "optional_host_permissions": [ "https://outlook.live.com/*", "https://outlook.office.com/*", "https://mail.google.com/*" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
Loading Secure Annex data...
Unable to load Secure Annex data.
This extension may not yet be analyzed by Secure Annex.
Detections
0Critical
0
High
0
Medium
0
Low
0
Has Verdicts
Yes
Manifest Findings
0Critical
0
High
0
Medium
0
Low
0
Secure Annex analyzed version: -