keepClipper - web clipper for google keep
Version 0.1.14 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a relatively small user base of 965 users and only 6 ratings, which limits confidence in its reliability. The 3.8-star rating is moderate but based on very few reviews. The developer "noterail.co" appears to be a smaller entity without established reputation. The extension's purpose as a web clipper for Google Keep is legitimate and the host permissions align with this functionality.
The primary concern is the "Broad Host Permissions" finding, though in this case the permissions are specifically scoped to Google Keep domains rather than truly broad access. The activeTab permission could potentially access sensitive information from any tab when the extension is activated. The combination of scripting and storage permissions means the extension can execute code and retain data, which requires trust in the developer's intentions and security practices.
The declarativeNetRequestWithHostAccess permission is somewhat unusual for a simple web clipper and could potentially be used to modify network requests to Google Keep.
Given the medium risk level and small user base, consider running this extension in a separate Chrome profile if you handle sensitive information. Monitor the extension's behavior when clipping content to ensure it only accesses Google Keep as intended. Consider alternatives with larger user bases and more established developers if available. Regularly review what data the extension has stored and remove it if no longer needed.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- contextMenus
- declarativeNetRequestWithHostAccess
- sidePanel
- storage
- scripting
Optional Permissions:
- cookies
Host Permissions:
- https://keep.google.com/*
- https://notes-pa.clients6.google.com/static/proxy.html?*
Embedded URLs (41 total):
| https://mail.google.com/mail/u/0/ | https://crxextstatic.blob.core.windows.net/themes/ | |
| https://chatgpt.com/ | https://github.com/emn178/js-sha3 | |
| https://app.chathub.gg | https://api.openai.com | |
| https://chatgpt.com/api/auth/session | https://chatgpt.com/backend-api/sentinel/chat-requirements | |
| https://chatgpt.com/backend-api/conversation | https://chatgpt.com/backend-anon/conversation | |
| https://bug-collector.collectionrail.workers.dev/collect-bug | http://www.w3.org/2000/svg | |
| https://keep.google.com/ | https://accounts.google.com/ | |
| https://www.youtube.com/watch?v= | https://embed-pdf.pages.dev/embed-pdf.html?srcUrl= | |
| https://keep.google.com/#NOTE/ | https://notes-pa.clients6.google.com | |
| http://keep.google.com | https://chromewebstore.google.com/detail/markkeep-live-markdown-ed/apaichjnonnngeomniljoenbebhnodib | |
| https://chromewebstore.google.com/ | https://bug-collector.noterail.workers.dev/collect-bug | |
| https://mail.google.com/mail/u/0/?to=noterailhelp@gmail.com | https://noterail.co | |
| https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_pin_extension.webm | https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_update-keyboard-shortcut.webm | |
| https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_clip_article.webm | https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_ai_summary.webm | |
| https://crxextstatic.blob.core.windows.net/note-rail/keep_crlt-c-drag-text.webm | https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_capture_screenshot.webm | |
| https://crxextstatic.blob.core.windows.net/note-rail/keep_highlight_text.webm | https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_clip_image.webm | |
| https://crxextstatic.blob.core.windows.net/note-rail/keep_clipper_embed_pdf_file.webm | https://clients2.google.com/service/update2/crx | |
| https://notes-pa.clients6.google.com/static/proxy.html? | https://notes-pa.clients6.google.com/notes/v1/changes?alt=json&key=AIzaSyDE7NHMUZfMoJVu-YNkK-7AXFSuL1Q9gKE | |
| https://notes-pa.clients6.google.com/upload/notes/v1/media/ | https://chatgpt.com | |
| https://keep.google.com | https://chromewebstore.google.com/detail/keepclipper-web-clipper-f/amcdpedhkddkciknnpjamibpojcbbigf/reviews/#:~:text:Write%20a%20review | |
| https://uninstall-feedback.pages.dev/?e= |
Raw Manifest
{ "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3YyHpWkn6irvSKeQ2Dcs51GyErFD546LKw/JejooDXUKZP+ZNSj9oYM6isoiK88Mg1rOG8V05+A9XUU3ks95FpryGU6sKhTVO1wLVzLE5e/ov9SInghz6duOsLz5ER9ckHVtNJTKkFxi69ZcMXxqVNRgH1uPyqhRkbvbfpSZosOrZMlY3b1glGiuwFSuJW2Hn9ZUHoBY+YUzssWcRAM7YkxPdGJ6BrY+KA9iaok3T7P+tLKamX4K7PG+V4rIp4lwr/Ot6CemP1GzWlkvqsPF8VjcC3Eo3B+/vMLCxN5j/3fOlSuyVvwMIBcOCHCQ5smM1Qz14jPiBh8p2Ds2rovEwIDAQAB", "name": "__MSG_extName__", "icons": { "24": "icon-24.png", "32": "icon_32.png", "128": "icon-128.png" }, "action": { "default_popup": "popup/index.html", "default_title": "Open keepClipper (Alt+K)" }, "author": "NoteRail", "version": "0.1.14", "commands": { "screenshot": { "description": "Capture screenshot", "suggested_key": { "default": "Alt+S" } }, "_execute_action": { "suggested_key": { "mac": "Alt+K", "linux": "Alt+K", "default": "Alt+K", "windows": "Alt+K" } }, "multi_select_text": { "description": "Multi select text", "suggested_key": { "default": "Alt+M" } } }, "background": { "type": "module", "service_worker": "background/background.js" }, "short_name": "keepClipper", "side_panel": { "default_path": "panel/index.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extDescription__", "permissions": [ "activeTab", "contextMenus", "declarativeNetRequestWithHostAccess", "sidePanel", "storage", "scripting" ], "options_page": "options/index.html", "default_locale": "en", "content_scripts": [ { "js": [ "scripts/xhr.js" ], "world": "MAIN", "run_at": "document_start", "matches": [ "https://notes-pa.clients6.google.com/static/proxy.html?*" ], "all_frames": true }, { "js": [ "scripts/msg-proxy.js" ], "run_at": "document_start", "matches": [ "https://notes-pa.clients6.google.com/static/proxy.html?*" ], "all_frames": true } ], "offline_enabled": true, "host_permissions": [ "https://keep.google.com/*", "https://notes-pa.clients6.google.com/static/proxy.html?*" ], "manifest_version": 3, "optional_permissions": [ "cookies" ], "minimum_chrome_version": "123", "declarative_net_request": { "rule_resources": [ { "id": "keep-request", "path": "keep-request.json", "enabled": true } ] }, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "scripts/screenshot/crop-box.js", "scripts/screenshot/shot-cropper-PVQGE525.css", "scripts/highlighter/Highlighter.js", "scripts/clip-article/auto-clip-article.js", "scripts/clip-article/manual-clip.js", "scripts/generator/enums.js", "scripts/generator/mark-txt-generator.js", "scripts/generator/text-generator.js", "scripts/func-script.js" ] } ], "optional_host_permissions": [ "<all_urls>" ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.