[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

GrabChat - Export & Backup AI Chats and save context in JSON, MD, and PDF

Version 1.5.0 View in Chrome Web Store

Last scanned: about 21 hours ago

Extension Details

Rating: 5.0 ★ (2 ratings)

Users: 267

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a very small user base (267 users) and only 2 ratings, making it difficult to assess reliability through community feedback. The perfect 5.0 rating could indicate quality but lacks statistical significance. The extension's purpose of exporting AI chat conversations appears legitimate and useful for users who want to backup their conversations from various AI platforms.

Concerns:

The extension requests access to an unusually broad range of AI chat platforms and sensitive domains, including major services like ChatGPT, Claude, Gemini, Microsoft Copilot, and even social media platforms like X (Twitter). While the downloads permission aligns with the stated functionality of exporting chats, it also grants access to download history which could be privacy-invasive. The extensive host permissions create a large attack surface - if compromised, this extension could potentially access sensitive conversations across multiple AI platforms and personal data on various websites.

Recommendations:

Given the high-risk classification, consider running this extension in a separate Chrome profile dedicated to AI chat activities. Before installation, verify the developer's reputation and check for recent updates indicating active maintenance. Monitor the extension's behavior closely and revoke permissions if you notice any suspicious activity. Consider whether you truly need export functionality across all these platforms, as you might find extensions with more limited scope that serve your specific needs with reduced risk exposure.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://gemini.google.com/*, https://www.google.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

Security Analysis Details

Required Permissions:

activeTab
downloads

Host Permissions:

https://chat.openai.com/*
https://chatgpt.com/*
https://claude.ai/*
https://gemini.google.com/*
https://www.google.com/*
https://copilot.microsoft.com/*
https://www.perplexity.ai/*
https://x.com/*
https://grok.com/*
https://chat.deepseek.com/*
https://chat.qwen.ai/*
https://chat.mistral.ai/*
https://huggingface.co/*
https://poe.com/*
https://cdn.jsdelivr.net/*

Content Security Policy:

extension_pages: script-src 'self'; object-src 'self'

Embedded URLs (54 total):

http://www.w3.org/1998/Math/MathML	http://www.w3.org/2000/svg
http://www.w3.org/1999/xhtml	http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://jspdf.default.namespaceuri/	https://github.com/MrRio/jsPDF
http://www.yworks.com	https://github.com/HackbrettXXX
https://github.com/acspike	https://github.com/willowsystems
https://github.com/pablohess	https://github.com/fjenett
https://github.com/warrenweckesser	https://github.com/lifof
https://github.com/lsdriscoll	https://github.com/stefslon
https://github.com/jmorel	https://github.com/chris-rock
https://github.com/juanpgaviria	https://github.com/dollaruw
https://github.com/diegocr	https://github.com/Flamenco
https://github.com/Gavvers	http://www.phpied.com/rgb-color-parser-in-javascript/
http://www.myersdaily.org/joseph/javascript/md5.js	http://www.fpdf.org/en/script/script37.php
http://opensource.org/licenses/mit-license	https://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt
https://github.com/foliojs/pdfkit/blob/master/lib/security.js	https://github.com/jamesbrobb
https://github.com/deanm/omggif	https://webpjs.appspot.com
https://github.com/Pantura	https://github.com/
https://assets-cdn.github.com/images/icons/emoji/octocat.png	https://clients2.google.com/service/update2/crx
https://chat.openai.com/	https://chatgpt.com/
https://claude.ai/	https://gemini.google.com/
https://www.google.com/	https://copilot.microsoft.com/
https://www.perplexity.ai/	https://x.com/
https://grok.com/	https://chat.deepseek.com/
https://chat.qwen.ai/	https://chat.mistral.ai/
https://huggingface.co/	https://poe.com/
https://cdn.jsdelivr.net/	https://cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/72x72/
https://chrome.google.com/webstore	https://www.linkedin.com/in/shady-ghonim/

Raw Manifest

{
  "name": "GrabChat - Export & Backup AI Chats and save context in JSON, MD, and PDF",
  "icons": {
    "16": "icon16.png",
    "48": "icon48.png",
    "128": "icon128.png"
  },
  "action": {
    "default_icon": {
      "16": "icon16.png",
      "48": "icon48.png",
      "128": "icon128.png"
    },
    "default_popup": "popup.html"
  },
  "version": "1.5.0",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Export conversations from all major LLM platforms to JSON, Markdown, and PDF",
  "permissions": [
    "activeTab",
    "downloads"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "run_at": "document_end",
      "matches": [
        "https://chat.openai.com/*",
        "https://chatgpt.com/*",
        "https://claude.ai/*",
        "https://gemini.google.com/*",
        "https://www.google.com/*",
        "https://copilot.microsoft.com/*",
        "https://www.perplexity.ai/*",
        "https://x.com/*",
        "https://grok.com/*",
        "https://chat.deepseek.com/*",
        "https://chat.qwen.ai/*",
        "https://chat.mistral.ai/*",
        "https://huggingface.co/*",
        "https://poe.com/*"
      ]
    }
  ],
  "host_permissions": [
    "https://chat.openai.com/*",
    "https://chatgpt.com/*",
    "https://claude.ai/*",
    "https://gemini.google.com/*",
    "https://www.google.com/*",
    "https://copilot.microsoft.com/*",
    "https://www.perplexity.ai/*",
    "https://x.com/*",
    "https://grok.com/*",
    "https://chat.deepseek.com/*",
    "https://chat.qwen.ai/*",
    "https://chat.mistral.ai/*",
    "https://huggingface.co/*",
    "https://poe.com/*",
    "https://cdn.jsdelivr.net/*"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "libs/showdown.min.js",
        "libs/html2pdf.bundle.min.js",
        "styles/chat-pdf.css",
        "scripts/export.js",
        "scripts/exportMarkdown.js"
      ]
    }
  ]
}

by ✦ Astarte

GrabChat - Export & Backup AI Chats and save context in JSON, MD, and PDF

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (54 total):

Raw Manifest

Detections

Manifest Findings