Wordcounter

Version 1.3 View in Chrome Web Store

Last scanned: 1 day ago | force re-scan

Extension Details

Rating: 2.6 ★ (38 ratings)

Users: 1,000

Context-Aware Verdict

MEDIUM

Risk Level

Trust Factors:

The extension has a concerning trust profile with only 1,000 users and a poor rating of 2.6 out of 5 stars from 38 reviews, suggesting user dissatisfaction. The lack of developer information and missing last updated date raises transparency concerns. The extension's limited adoption and negative feedback indicate potential quality or functionality issues.

Concerns:

- Poor user rating (2.6/5) suggests functionality or reliability problems

- Very low user base (1,000 users) indicates limited community validation

- Missing developer information reduces accountability and trust

- Uses outdated Manifest V2 with weaker security protections

- Content script injection specifically targets Google Docs, which could access sensitive documents

- Storage permission allows data persistence, though reasonable for a word counter

- ActiveTab permission is appropriate but combined with other factors increases risk

Recommendations:

Consider using a more established word counting extension with better ratings and larger user base. If you must use this extension, run it in a separate Chrome profile to isolate it from your main browsing session and sensitive documents. Monitor the extension's behavior closely and be cautious when using it with confidential Google Docs. Look for alternative extensions that use Manifest V3 and have transparent developer information.

Security Analysis

MEDIUM

Overall Risk

Based on 3 total findings, ranked without considering overall context, including 0 high-risk and 3 medium-risk findings.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "Wordcounter",
  "icons": {
    "128": "icon.png"
  },
  "version": "1.3",
  "background": {
    "scripts": [
      "background.js"
    ],
    "persistent": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Displays a real-time word count while writing in Google Docs, as well as milestone markers every 500 words.",
  "permissions": [
    "activeTab",
    "storage"
  ],
  "browser_action": {
    "name": "Click to toggle Wordcounter on or off"
  },
  "content_scripts": [
    {
      "js": [
        "jquery-3.3.1.min.js",
        "content.js"
      ],
      "css": [
        "style.css"
      ],
      "matches": [
        "https://docs.google.com/*"
      ]
    }
  ],
  "manifest_version": 2
}

Wordcounter

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Embedded URLs (2 total):

Raw Manifest

Secure Annex (beta)