Extension Details
Rating:
5.0 ★
(9 ratings)
Users:
548
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
HIGH
Risk Level
Trust Factors:
- The extension has a relatively small user base of only 548 users, which could indicate a lack of widespread trust or popularity.
- The developer information is not provided, making it difficult to assess the reputation or trustworthiness of the developer.
Concerns:
- The extension requests broad host permissions (<all_urls>) and can inject content scripts into any website (*://*/*, file://*/*). These permissions could potentially be abused to steal sensitive data, track browsing activity, or modify website content.
- The extension has the "tabs" permission, which allows it to access and manipulate browser tabs. This could be used maliciously to compromise security or privacy.
- The lack of developer information and small user base raise concerns about the trustworthiness and reputation of the extension.
Recommendations:
- Exercise caution when using this extension, as it has broad permissions that could potentially be exploited for malicious purposes.
- Consider running the extension in a separate browser profile or a sandboxed environment to mitigate potential risks.
- Monitor the extension's behavior and network activity for any suspicious activity.
- If possible, seek alternative extensions from reputable developers with a larger user base and more transparent information.
- Keep the extension updated to the latest version and uninstall it if any concerning behavior is observed.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 6 total findings, ranked without considering overall context, including 3 high-risk and 3 medium-risk findings.
HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: tabs
This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: contextMenus
This extension has the contextMenus permission. Can add items to the context menu.
MEDIUM
Medium-Risk Permission: notifications
This extension has the notifications permission. Can show notifications.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- input
- background
- storage
- notifications
- tabs
- contextMenus
Host Permissions:
- <all_urls>
Embedded URLs (27 total):
| http://www.wtfpl.net/ | http://pieroxy.net/blog/pages/lz-string/testing.html | |
| https://npms.io/search?q=ponyfill. | https://www.moedict.tw/ | |
| https://www.moedict.tw/: | https://www.google.com/search?q= | |
| https://dict.revised.moe.edu.tw/search.jsp?md=1&word= | https://dict.concised.moe.edu.tw/search.jsp?md=1&word= | |
| https://dict.idioms.moe.edu.tw/idiomList.jsp?idiom= | https://dict.variants.moe.edu.tw/search.jsp?QTP=0&WORD= | |
| https://stroke-order.learningweb.moe.edu.tw/charactersQueryResult.do?words= | https://sutian.moe.edu.tw/zh-hant/tshiau/?lui=tai_su&tsha= | |
| https://zh.wiktionary.org/wiki/Special:Search?search= | https://www.kangxizidian.com/search/index.php?stype=Word&sword= | |
| https://www.unicode.org/cgi-bin/GetUnihanData.pl?codepoint= | https://chardb.iis.sinica.edu.tw/search.jsp?q= | |
| https://mcbopomofo.openvanilla.org/ | https://lodash.com/ | |
| https://openjsf.org/ | https://lodash.com/license | |
| http://underscorejs.org/LICENSE | https://clients2.google.com/service/update2/crx | |
| https://developer.chrome.com/docs/extensions/mv3/intro/ | https://chrome.google.com/webstore/detail/mcbopomofo/pkjjfjnlglfhgfaipoempeaghmpfakkg?hl=zh-TW | |
| https://zh.wikipedia.org/zh-tw/%E8%8B%8F%E5%B7%9E%E7%A0%81%E5%AD%90 | https://zh.m.wikipedia.org/zh-tw/%E5%80%9A%E5%A4%A9%E4%B8%AD%E6%96%87%E7%B3%BB%E7%B5%B1 | |
| https://www.goingpro.me/ |
Raw Manifest
{ "name": "__MSG_manifestName__", "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "64": "icons/icon64.png", "128": "icons/icon128.png" }, "version": "1.8.1", "commands": { "toggle-chinese-convert": { "description": "__MSG_commandToggleChineseConvert__", "suggested_key": "Alt+Shift+G" } }, "background": { "type": "module", "service_worker": "bundle.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_manifestDesc__", "permissions": [ "input", "background", "storage", "notifications", "tabs", "contextMenus" ], "options_page": "options.html", "default_locale": "en", "content_scripts": [ { "js": [ "content-script.js" ], "matches": [ "*://*/*", "file://*/*" ] } ], "host_permissions": [ "<all_urls>" ], "input_components": [ { "id": "org.openvanilla.mcbopomofo.us", "name": "__MSG_imeUS__", "type": "ime", "layouts": [ "us" ], "language": "zh-TW", "indicator": "麥", "description": "McBopomofo", "options_page": "options.html" }, { "id": "org.openvanilla.mcbopomofo.us-dvorak", "name": "__MSG_imeDvorak__", "type": "ime", "layouts": [ "us-dvorak" ], "language": "zh-TW", "indicator": "麥", "description": "McBopomofo", "options_page": "options.html" }, { "id": "org.openvanilla.mcbopomofo.us-colemak", "name": "__MSG_imeColmak__", "type": "ime", "layouts": [ "us-colemak" ], "language": "zh-TW", "indicator": "麥", "description": "McBopomofo", "options_page": "options.html" } ], "manifest_version": 3 }
Secure Annex (beta)
Coming soon...