NotebookLM Importer - Web & YouTube
Version 1.0.2 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has very limited adoption with only 62 users, which raises concerns about its maturity and community vetting. While it maintains a high 4.9 rating, the small user base makes this less meaningful. The lack of visible developer information reduces transparency and accountability. The extension targets NotebookLM integration, which suggests legitimate functionality, but the implementation approach raises security concerns.
The identity permission combined with identity.email access creates significant privacy risks, allowing the extension to access your Google account information. The broad host permissions (https://*/*) grant access to all websites, which is excessive for an extension that should primarily interact with NotebookLM and specific content sources. This combination of identity access and universal website permissions creates a dangerous attack surface where the extension could potentially harvest personal data across all your browsing activities.
The storage permission, while necessary for functionality, adds another data collection vector when combined with the other permissions.
Given the high-risk permission combination and low user adoption, consider running this extension in a separate Chrome profile isolated from your main browsing activities. Only use it when specifically needed for NotebookLM tasks. Monitor your Google account activity for any unusual access patterns. Consider waiting for the extension to mature and gain more users before trusting it with sensitive permissions, or look for alternative solutions with more restrictive permissions.
Findings
Security Analysis Details
Required Permissions:
- storage
- identity
- identity.email
- activeTab
- scripting
Host Permissions:
- https://notebooklm.google.com/*
- https://*/*
Embedded URLs (26 total):
| https://clients2.google.com/service/update2/crx | https://notebooklm.google.com/ | |
| https://www.googleapis.com/auth/userinfo.email | https://www.googleapis.com/auth/userinfo.profile | |
| https://reactjs.org/docs/error-decoder.html?invariant= | http://www.w3.org/1999/xlink | |
| http://www.w3.org/XML/1998/namespace | http://www.w3.org/2000/svg | |
| http://www.w3.org/1998/Math/MathML | http://www.w3.org/1999/xhtml | |
| https://ext-boost.super-ext.com/#products | https://api.ext-api.com | |
| https://empty.invalid | https://example.com/article1 | |
| https://example.com/article2 | https://example.com/articulo1 | |
| https://example.com/articulo2 | https://checkout.super-ext.com | |
| https://api.ext-api.com/pay/url? | https://chromewebstore.google.com/detail/pblecfcfnmcaamhghlgolimeehmakeak | |
| https://notebooklm-importer.super-ext.com#pricing | https://notebooklm-importer.super-ext.com | |
| https://radix-ui.com/primitives/docs/components/ | https://notebooklm.google.com/notebook/ | |
| https://www.youtube.com/watch?v= | https://www.youtube.com/oembed?url= |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwusvLcrSsbBRZPSH/qA9XAltLy7DL2wTsz6Tv7y+ls4MMD1pxVMExokMcp14KQP7UppCBc9wVp1prUMaIH0X40E8WW9PAAhWMDDnInP3eSZ41RY/OOjUiON2qvKZbKq4So1Ch1YJLTy4L+SmKXHd2z+xB+Qa2ze9aPO2mkpGzJyqvHCTiZLjNXLYOJRETcSyh5SAe5od99Y7Scazyp0KPfWUJDO3BcG8aFBbJdGUal22RQdLQexycR8DbmRZ4+S1mAoXE78XPsvtZiW7+Tq73p3/J293dpaXijyJVfoYDrt5W98SlNJTdUXX3OxFW6Bxn9c09BWqEMSQdy6TWVlWswIDAQAB", "name": "__MSG_name__", "icons": { "16": "icon16.plasmo.6c567d50.png", "32": "icon32.plasmo.76b92899.png", "48": "icon48.plasmo.aced7582.png", "64": "icon64.plasmo.8bb5e6e0.png", "128": "icon128.plasmo.3c1ed2d2.png" }, "action": { "default_icon": { "16": "icon16.plasmo.6c567d50.png", "32": "icon32.plasmo.76b92899.png", "48": "icon48.plasmo.aced7582.png", "64": "icon64.plasmo.8bb5e6e0.png", "128": "icon128.plasmo.3c1ed2d2.png" }, "default_popup": "popup.html" }, "author": "notebooklm-importer", "oauth2": { "scopes": [ "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile" ], "client_id": "935607655859-k1od86vut8o86rspj34bns7fuivf812o.apps.googleusercontent.com" }, "version": "1.0.2", "background": { "service_worker": "static/background/index.js" }, "short_name": "NotebookLM Web Importer", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_description__", "permissions": [ "storage", "identity", "identity.email", "activeTab", "scripting" ], "default_locale": "en", "host_permissions": [ "https://notebooklm.google.com/*", "https://*/*" ], "manifest_version": 3 }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.