[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Claude AI Chrome Extension

Version 1.0 View in Chrome Web Store

Last scanned: about 10 hours ago

Extension Details

Rating: 5.0 ★ (1 rating)

Users: 9,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has a perfect 5.0 rating but with only 1 review, making this rating unreliable. With 9,000 users, it has moderate adoption but lacks transparency with missing author information and last updated date. The absence of developer details raises concerns about accountability and support.

Concerns:

The most significant concern is the broad content script injection capability allowing the extension to run scripts on all websites. This creates substantial risk for data theft, credential harvesting, and website manipulation. The contextMenus permission, while seemingly benign, combined with universal site access could enable malicious right-click menu options. The storage permission allows persistent data collection across browsing sessions. The activeTab permission provides additional access when users interact with the extension.

The combination of universal website access with data storage capabilities creates a powerful surveillance and data collection framework. The lack of developer transparency compounds these technical risks.

Recommendations:

Run this extension in a separate Chrome profile to isolate potential damage. Avoid using it on sensitive websites like banking or work platforms. Monitor your browsing behavior for unusual activity. Consider alternative Claude AI access methods like the official website. If you must use this extension, regularly review what data it might be collecting and limit usage to non-sensitive browsing sessions.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "Claude AI Chrome Extension",
  "icons": {
    "16": "images/icon16.png",
    "48": "images/icon48.png",
    "128": "images/icon128.png"
  },
  "action": {
    "default_icon": {
      "16": "images/icon16.png",
      "48": "images/icon48.png",
      "128": "images/icon128.png"
    },
    "default_popup": "options.html"
  },
  "version": "1.0",
  "commands": {
    "summarize": {
      "description": "Summarize selected text",
      "suggested_key": {
        "default": "Ctrl+Shift+S"
      }
    },
    "translate": {
      "description": "Translate selected text",
      "suggested_key": {
        "default": "Ctrl+Shift+T"
      }
    }
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Translate or summarize selected text using Claude API.",
  "permissions": [
    "contextMenus",
    "storage",
    "activeTab",
    "scripting"
  ],
  "options_page": "options.html",
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 3
}

by ✦ Astarte

Claude AI Chrome Extension

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Embedded URLs (3 total):

Raw Manifest

Detections

Manifest Findings

https://api.anthropic.com/v1/messages	http://www.w3.org/2000/svg
https://clients2.google.com/service/update2/crx