Extension Details
Rating:
4.5 ★
(25 ratings)
Size:
519KiB
Last Updated:
January 31, 2025
Users:
5,000
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively high number of users (5,000) and a good rating (4.5/5), which suggests some level of trust from the user community.
- However, the lack of developer information and a detailed description raises some concerns about transparency and accountability.
Concerns:
- The extension requests the "clipboardRead" and "clipboardWrite" permissions, which allow it to read and modify the clipboard content. While these permissions may be necessary for the extension's functionality, they could potentially be misused to compromise security or privacy.
- The extension can inject scripts into any website (*://*/*) through its content scripts, which is a broad and potentially risky permission. This could enable the extension to read sensitive data, modify website content, or steal credentials.
- The "storage" and "contextMenus" permissions, while not inherently high-risk, could be used in conjunction with other permissions to facilitate malicious activities.
Recommendations:
- Exercise caution when using this extension, as it has broad permissions and the potential for misuse.
- Consider running the extension in a separate Chrome profile or a sandboxed environment to isolate it from your main browsing activities.
- Monitor the extension's behavior and check for any suspicious activities or unauthorized data access.
- If possible, investigate the developer's background and reputation to assess their trustworthiness.
- Consider using alternative extensions with similar functionality but more transparent and reputable developers, or explore built-in browser features that may achieve the same functionality without the need for an extension.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 5 total findings, ranked without considering overall context, including 3 high-risk and 2 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
High-Risk Permission: clipboardRead
This extension has the clipboardRead permission. Can read clipboard content. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: clipboardWrite
This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- clipboardRead
- clipboardWrite
- storage
- contextMenus
Content Security Policy:
- extension_pages: default-src 'self'
Embedded URLs (6 total):
| https://chromewebstore.google.com/search/micpob | https://clients2.google.com/service/update2/crx | |
| http://www.inkscape.org/ | http://www.w3.org/2000/svg | |
| http://www.inkscape.org/namespaces/inkscape | http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd |
Raw Manifest
{ "name": "__MSG_extension_name__", "icons": { "16": "Res/Icons/icon16.png", "24": "Res/Icons/icon24.png", "32": "Res/Icons/icon32.png", "48": "Res/Icons/icon48.png", "64": "Res/Icons/icon64.png", "128": "Res/Icons/icon128.png" }, "action": { "default_icon": { "16": "Res/Icons/icon16.png", "24": "Res/Icons/icon24.png", "32": "Res/Icons/icon32.png", "48": "Res/Icons/icon48.png", "64": "Res/Icons/icon64.png", "128": "Res/Icons/icon128.png" } }, "version": "2.6", "background": { "service_worker": "bg-wrapper.js" }, "options_ui": { "page": "Options/options.html", "open_in_tab": true }, "short_name": "CpyOnSlc", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extension_description__", "permissions": [ "clipboardRead", "clipboardWrite", "storage", "contextMenus" ], "default_locale": "en", "content_scripts": [ { "js": [ "injectScript.js" ], "run_at": "document_end", "matches": [ "*://*/*" ], "all_frames": true, "match_about_blank": true } ], "manifest_version": 3, "content_security_policy": { "extension_pages": "default-src 'self'" }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "Res/copied.svg" ] } ] }
Secure Annex (beta)
Coming soon...