Grok Automation - Auto Grok on Grok.com
Version 1.4.2.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a substantial user base of 100,000 users and maintains a decent 4.1-star rating from 84 reviews, suggesting general user satisfaction. However, the developer identity "kylenguyen.me" appears to be an individual rather than an established company, which reduces institutional trust. The extension targets Grok.com specifically, which is a legitimate AI platform, and the automation functionality aligns with its stated purpose.
The extension requests several powerful permissions that create significant security risks. The tabs permission allows comprehensive browser tab manipulation and information access, while the downloads permission enables file downloads and access to download history - both capabilities that extend well beyond basic automation needs for Grok.com. The broad host permissions covering all Grok.com subdomains create potential for data interception across the entire platform. The combination of these permissions could enable malicious activities like data theft, unauthorized downloads, or browsing surveillance.
Given the high-risk permission set, consider running this extension in a separate Chrome profile to isolate potential security impacts. Before installation, verify that the automation features truly require such extensive permissions. Monitor the extension's behavior closely, particularly any unexpected download activity or tab manipulation. Consider whether manual interaction with Grok.com might be safer than automated access through this extension. Regularly review the extension's permissions and remove it if you notice any suspicious activity.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
- background
- sidePanel
- activeTab
- downloads
Host Permissions:
- *://grok.com/*
- *://*.grok.com/*
Embedded URLs (14 total):
| https://vuejs.org/error-reference/#runtime- | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xlink | |
| https://kylenguyen.me | https://grok.com/imagine | |
| https://github.com/trgkyle/grok-automation-user-guide | https://discord.gg/KS2pMHQdc9 | |
| https://configs.tpro.vn/ | https://kylenguyen.me? | |
| http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd | https://github.com/primefaces/primeicons | |
| https://opensource.org/licenses/MIT | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "Grok Automation - Auto Grok on Grok.com", "icons": { "16": "src/assets/logo.png", "24": "src/assets/logo.png", "32": "src/assets/logo.png", "128": "src/assets/logo.png" }, "action": { "default_title": "Grok Automation - Auto Grok on Grok.com" }, "author": { "email": "kylenguyenaws@gmail.com" }, "version": "1.4.2.0", "background": { "type": "module", "service_worker": "service-worker-loader.js" }, "side_panel": { "default_path": "src/ui/side-panel/index.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Auto Grok your prompts at scale. Batch generate and auto-download videos and images on grok.com.", "permissions": [ "storage", "tabs", "background", "sidePanel", "activeTab", "downloads" ], "version_name": "1.4.2", "content_scripts": [ { "js": [ "assets/index.ts-CJtghjYh.js" ], "run_at": "document_end", "matches": [ "*://grok.com/*" ], "all_frames": false } ], "offline_enabled": true, "host_permissions": [ "*://grok.com/*", "*://*.grok.com/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "*://grok.com/*" ], "resources": [ "assets/index.ts-CJtghjYh.js" ], "use_dynamic_url": false } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.