[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

AI Search Fan-out Tracker

Version 1.2.0 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Rating: 4.8 ★ (4 ratings)

Users: 1,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a very high rating of 4.8 stars, though based on only 4 reviews, which limits reliability. With 1,000 users, it has modest adoption but lacks extensive community validation. The absence of clear author and developer information raises transparency concerns. The extension targets popular AI platforms (ChatGPT and Gemini), suggesting legitimate functionality for AI search tracking.

Concerns:

- Broad host permissions create potential for data collection beyond stated purpose

- Access to sensitive AI platforms where users may share confidential information

- Unknown third-party server (vercel.app domain) could be collecting user data

- Limited developer transparency with no clear contact information

- Small user base and review count make it difficult to assess real-world safety

- Storage permission combined with broad access could enable persistent tracking

- Content script injection on AI platforms poses privacy risks for sensitive conversations

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing session. Monitor what data might be transmitted to the third-party server. Be cautious about using it during sensitive AI conversations. Given the legitimate use case but concerning permissions, evaluate whether the functionality is essential enough to justify the privacy trade-offs. Consider alternatives with more transparent developers or narrower permissions if available.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://gemini.google.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "AI Search Fan-out Tracker",
  "icons": {
    "16": "icons/icon16.png",
    "48": "icons/icon48.png",
    "128": "icons/icon128.png"
  },
  "action": {
    "default_icon": {
      "16": "icons/icon16.png",
      "48": "icons/icon48.png",
      "128": "icons/icon128.png"
    },
    "default_popup": "popup.html"
  },
  "version": "1.2.0",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Tracks and stores search queries (fan-outs) from ChatGPT and Gemini for analysis and optimization",
  "permissions": [
    "activeTab",
    "storage"
  ],
  "content_scripts": [
    {
      "js": [
        "content.js"
      ],
      "matches": [
        "https://chatgpt.com/*",
        "https://gemini.google.com/*"
      ]
    }
  ],
  "host_permissions": [
    "https://chatgpt.com/*",
    "https://gemini.google.com/*",
    "https://server-theta-nine-63.vercel.app/*"
  ],
  "manifest_version": 3,
  "web_accessible_resources": [
    {
      "matches": [
        "https://chatgpt.com/*",
        "https://gemini.google.com/*"
      ],
      "resources": [
        "popup.js"
      ]
    }
  ]
}

by ✦ Astarte

AI Search Fan-out Tracker

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (8 total):

Raw Manifest

Detections

Manifest Findings

https://server-theta-nine-63.vercel.app	https://chatgpt.com
https://gemini.google.com	https://chatgpt.com/
https://gemini.google.com/	https://clients2.google.com/service/update2/crx
https://server-theta-nine-63.vercel.app/	http://www.w3.org/2000/svg