[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

WordTune Voice Extension

Version 2.0 View in Chrome Web Store

Last scanned: 1 day ago | force re-scan

Extension Details

Rating: 0.0 ★

Users: 45

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

This extension has extremely limited trust indicators with only 45 users, no rating data, and missing critical information like author details and last update date. The lack of transparency around the developer and the minimal user base suggest this is either a very new or potentially abandoned extension. The connection to WordTune (a legitimate writing assistant service) cannot be verified without proper developer attribution.

Concerns:

The clipboardWrite permission is particularly concerning for a voice extension, as it allows the extension to modify clipboard content without user awareness, potentially replacing copied sensitive information. The broad host permissions to OpenAI's API, while functionally relevant, combined with activeTab access creates a pathway for data exfiltration. The extension could theoretically capture content from any active tab and send it to external servers. The missing author information and extremely low user count raise questions about legitimacy and ongoing maintenance.

Recommendations:

Given the high risk level, run this extension in a separate Chrome profile isolated from sensitive browsing activities. Avoid using it on pages containing personal, financial, or confidential information. Monitor your clipboard contents after using the extension to ensure no unauthorized modifications occur. Consider waiting for the extension to gain more users and reviews, or seek established alternatives from verified developers. If you must use it, regularly review the extension's network activity and consider uninstalling if any suspicious behavior is detected.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: clipboardWrite

This extension has the clipboardWrite permission. Can modify clipboard content. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

Raw Manifest

{
  "name": "WordTune Voice Extension",
  "action": {
    "default_popup": "popup.html",
    "default_title": "Dictation & Translation"
  },
  "version": "2.0",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Dictate speech, translate it via OpenAI, and read selected text.",
  "permissions": [
    "clipboardWrite",
    "activeTab",
    "scripting"
  ],
  "host_permissions": [
    "https://api.openai.com/*"
  ],
  "manifest_version": 3
}

by ✦ Astarte

WordTune Voice Extension

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Detections

Manifest Findings

https://api.openai.com/v1/chat/completions	https://i.postimg.cc/qMM0hP28/New-WTHeader.png
https://clients2.google.com/service/update2/crx	https://api.openai.com/