LinkCollect - Save & Share Bookmarks
Version 1.1.3 View in Chrome Web Store
Last scanned: 5 days ago
| force re-scan
Extension Details
Developer:
linkcollect.io
Rating:
4.9 ★
(13 ratings)
Size:
1.49MiB
Last Updated:
October 12, 2023
Users:
2,000
Developer Info:
LinkCollectBorade Vasti Rd
Sector 10, MIDC, Bhosari
Pimpri-Chinchwad, Maharashtra 412105
IN
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively small user base of 2,000 users, which could indicate a newer or less popular extension.
- The developer information provided seems legitimate, but there is limited information available about the company's reputation.
Concerns:
- The extension requests broad host permissions (http://*/*, https://*/*, <all_urls>) and content script injection on all websites. This could potentially allow the extension to access sensitive data or track browsing activity across all sites.
- The "tabs" permission allows the extension to access and manipulate browser tabs, which could be used maliciously to compromise security or privacy.
- The "storage" permission allows the extension to store data locally, which could be a privacy concern if sensitive information is stored.
Recommendations:
- Exercise caution when installing this extension, as it has broad permissions that could potentially be exploited for malicious purposes.
- Consider running the extension in a separate browser profile or a sandboxed environment to limit its access to sensitive data or browsing activity.
- Monitor the extension's behavior and uninstall it if any suspicious activity is observed.
- Research the developer's reputation and track record before installing the extension, as there is limited information available about the company.
- Consider using alternative extensions with similar functionality but more limited permissions if available.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 6 total findings, ranked without considering overall context, including 3 high-risk and 3 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- storage
- tabs
- activeTab
- contextMenus
Host Permissions:
- http://*/*
- https://*/*
- <all_urls>
Embedded URLs (40 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://api.linkcollect.io/api/v1/collections | https://linkcollect.io/logo_192_x_192.png | |
| https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE | https://jsonlink.io/api/extract?url= | |
| https://fonts.googleapis.com/css2?family=Lexend:wght@200 | https://tailwindcss.com | |
| https://github.com/mozdevs/cssremedy/issues/4 | https://github.com/tailwindcss/tailwindcss/pull/116 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=190655 | https://bugs.chromium.org/p/chromium/issues/detail?id=999088 | |
| https://bugs.webkit.org/show_bug.cgi?id=201297 | https://bugs.chromium.org/p/chromium/issues/detail?id=935729 | |
| https://bugs.webkit.org/show_bug.cgi?id=195016 | https://github.com/mozilla/gecko-dev/blob/2f9eacd9d3d995c937b4251a5557d95d494c9be1/layout/style/res/forms.css#L728-L737 | |
| https://github.com/tailwindlabs/tailwindcss/issues/3300 | https://github.com/mozdevs/cssremedy/issues/14 | |
| https://github.com/jensimmons/cssremedy/issues/14#issuecomment-634934210 | https://api-js.mixpanel.com | |
| https://mixpanel.com | https://cdn.mxpnl.com | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/XML/1998/namespace | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://linkcollect.io/ | https://linkcollect.super.site/commands | |
| https://linkcollect.super.site/help | https://bit.ly/3cXEKWf | |
| https://redux.js.org/Errors?code= | https://api.linkcollect.io/api/v1 | |
| https://twitter.com/linkcollect_io | https://linkcollect.io/login | |
| http://linkcollect.io/ | https://linkcollect.lemonsqueezy.com/ | |
| https://github.com/facebook/regenerator/blob/main/LICENSE | https://clients2.google.com/service/update2/crx | |
| https://api.linkcollect.io/api/v1/collections/ | https://fonts.googleapis.com/css2?family=Lexend:wght@300 |
Raw Manifest
{ "name": "LinkCollect - Save & Share Bookmarks", "icons": { "16": "favicon.png", "19": "favicon.png", "32": "favicon.png", "48": "favicon.png", "128": "favicon.png" }, "action": { "default_popup": "popup.html", "default_title": "LinkCollect" }, "version": "1.1.3", "commands": { "save-all-tabs": { "description": "Inject a save all tabs script", "suggested_key": { "mac": "Alt+A", "default": "Alt+A" } }, "_execute_action": { "description": "Start the extension", "suggested_key": { "mac": "Alt+W", "default": "Alt+A" } }, "save-current-tab": { "description": "Inject a save recent collection ", "suggested_key": { "mac": "Alt+C", "default": "Alt+C" } } }, "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "linkcollect is the simplest way to save & share web links, bookmarks or tabs from anywhere to anyone", "permissions": [ "storage", "tabs", "activeTab", "contextMenus" ], "content_scripts": [ { "js": [ "contentScript.js" ], "matches": [ "http://*/*", "https://*/*", "<all_urls>" ] } ], "host_permissions": [ "http://*/*", "https://*/*", "<all_urls>" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*", "<all_urls>" ], "resources": [ "assets/bookmark.png", "approve.png", "failed.png" ] } ] }
Secure Annex (beta)
Coming soon...