Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 97 users, which raises concerns about its maturity and community vetting. While it maintains a high 4.9-star rating, the small user base makes this less meaningful. The lack of visible author and developer information is concerning for transparency and accountability. The extension targets NotebookLM, Google's AI note-taking service, which suggests legitimate functionality but also involves handling potentially sensitive user data.
The extension requests unnecessarily broad permissions for its stated purpose. The cookies permission is particularly concerning as it allows access to authentication tokens and session data across Google domains. The tabs permission enables monitoring and manipulation of all browser tabs, which exceeds what's needed for a simple importer tool. The broad host permissions to all Google domains create excessive attack surface. The combination of these permissions could enable data exfiltration, session hijacking, or unauthorized access to Google services beyond NotebookLM.
Given the high risk level and limited user base, consider running this extension in a separate Chrome profile dedicated to NotebookLM work only. Before installation, verify the extension's legitimacy through official channels or trusted sources. Monitor your Google account activity for any unusual behavior after installation. Consider alternative methods for importing data to NotebookLM that don't require such broad permissions. If you must use this extension, regularly review your Google account's security settings and connected applications.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- cookies
- tabs
- storage
Host Permissions:
- https://notebooklm.google.com/*
- https://*.google.com/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (21 total):
| https://notebooklm.google.com/ | https://notebooklm.google.com/?authuser= | |
| https://notebooklm.google.com | https://notebooklm.google.com/_/LabsTailwindUi/data/batchexecute?rpcids= | |
| https://clients2.google.com/service/update2/crx | http://www.w3.org/2000/svg | |
| https://example.com/page1 | https://example.com/page2 | |
| http://www.w3.org/1999/xhtml | https://svelte.dev/e/lifecycle_outside_component | |
| https://svelte.dev/e/async_derived_orphan | https://svelte.dev/e/effect_in_teardown | |
| https://svelte.dev/e/effect_in_unowned_derived | https://svelte.dev/e/effect_orphan | |
| https://svelte.dev/e/effect_update_depth_exceeded | https://svelte.dev/e/props_invalid_value | |
| https://svelte.dev/e/state_descriptors_fixed | https://svelte.dev/e/state_prototype_fixed | |
| https://svelte.dev/e/state_unsafe_mutation | https://svelte.dev/e/svelte_boundary_reset_onerror | |
| https://accounts.google.com/ServiceLogin |
Raw Manifest
{ "name": "NotebookLM Importer", "icons": { "16": "icons/16.png", "48": "icons/48.png", "128": "icons/128.png" }, "action": { "default_popup": "popup.html", "default_title": "NotebookLM Importer" }, "version": "2.0.5", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Seamlessly save content to your NotebookLM notebooks", "permissions": [ "activeTab", "cookies", "tabs", "storage" ], "host_permissions": [ "https://notebooklm.google.com/*", "https://*.google.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.