Extension Details
Context-Aware Verdict
The extension has a very small user base of only 108 users, which limits community validation. However, it maintains a high rating of 4.9, suggesting satisfied users. The developer provides a website (talkgo.dev) which adds some legitimacy. The specific purpose of batch importing to NotebookLM appears legitimate and matches the requested permissions.
The "tabs" permission is concerning as it allows broad access to browser tab information beyond what's necessary for a batch importer. The extension requests access to all of notebooklm.google.com and youtube.com, which could be overly broad depending on the specific functionality needed. The combination of storage, tabs, and scripting permissions creates a powerful capability set that could be misused. The small user base means less community oversight and testing for potential security issues.
Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities and sensitive data. Only install if you specifically need NotebookLM batch importing functionality and trust the developer. Monitor the extension's behavior and remove it when no longer needed. Be cautious about what data you import while the extension is active, as it has broad access to the specified domains. Consider looking for alternative solutions with more restrictive permissions or larger user bases if available.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
- activeTab
- scripting
Host Permissions:
- https://notebooklm.google.com/*
- https://www.youtube.com/*
Embedded URLs (12 total):
| https://notebooklm.google.com/ | https://www.youtube.com/watch?v=VIDEO_ID | |
| https://youtu.be/VIDEO_ID | https://www.youtube.com/playlist?list=PLAYLIST_ID | |
| https://www.youtube.com/watch?v=dQw4w9WgXcQ | https://youtu.be/dQw4w9WgXcQ | |
| https://www.youtube.com/watch?v=test | https://www.youtube.com/watch?v= | |
| https://clients2.google.com/service/update2/crx | https://www.youtube.com/ | |
| https://www.youtube.com/watch?v=dQw4w9WgXcQ
 | https://www.youtube.com/playlist?list= |
Raw Manifest
{ "name": "__MSG_appName__", "icons": { "16": "assets/icons/icon16.png", "48": "assets/icons/icon48.png", "128": "assets/icons/icon128.png" }, "action": { "default_popup": "popup/popup.html", "default_title": "__MSG_appName__" }, "author": "NotebookLM Batch Importer Team", "version": "1.1.1", "background": { "service_worker": "background/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_appDescription__", "permissions": [ "storage", "tabs", "activeTab", "scripting" ], "default_locale": "zh_CN", "content_scripts": [ { "js": [ "utils/error-handler.js", "utils/url-parser.js", "content/notebooklm.js" ], "run_at": "document_end", "matches": [ "https://notebooklm.google.com/*" ] }, { "js": [ "utils/url-parser.js", "content/youtube.js" ], "run_at": "document_end", "matches": [ "https://www.youtube.com/*" ] } ], "host_permissions": [ "https://notebooklm.google.com/*", "https://www.youtube.com/*" ], "manifest_version": 3, "minimum_chrome_version": "88", "web_accessible_resources": [ { "matches": [ "https://notebooklm.google.com/*", "https://www.youtube.com/*" ], "resources": [ "utils/*.js", "_locales/*/messages.json" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.