Zotero Connector
Lets you save references to Zotero directly from your web browser, allowing researchers and students to easily capture and organize citations with a single click. This extension is particularly useful for those who frequently use Zotero in their academic or professional work, streamlining the process of note-taking and citation management. By integrating with Zotero, users can access their library of references without leaving their browser.
Overview
Zotero is a free, easy-to-use, open-source tool to help you collect, organize, annotate, cite, and share research.
The Zotero Connector automatically senses content as you browse the web and allows you to save items to Zotero with a single click. If a PDF is available, the Connector can save it to your library to read later, and it can even save snapshots of webpages in case they change or disappear. Whether you're searching for a preprint on arXiv.org, a journal article from JSTOR, a news story from the New York Times, or a book from your university library catalog, Zotero has you covered with support for thousands of sites.
Additionally, if you use a web-based proxy to access resources your institution subscribes to, the Zotero Connector can automatically redirect you through the proxy when you follow links to those sites from elsewhere on the web, making sure that you always have access to PDFs and other gated content.
While the Connector can save most pages directly to your zotero.org account, for the full Zotero experience be sure to install the Zotero desktop app, which allows you to organize your references efficiently, insert citations automatically into Word, LibreOffice, and Google Docs, and much more. You can download Zotero for free from https://www.zotero.org/download
We are happy to help with any issues you encounter with the Zotero Connector, but we cannot do so through the Chrome Web Store. For bug reports, questions, comments, or help, please visit https://www.zotero.org/support/getting_help
Security Analysis — Zotero Connector
Package Contents 281 files · 3.2MB
```json
{
"summary": "The Zotero Connector extension helps users save references to their web browser, allowing them to collect, organize, annotate, cite, and share research. It solves the problem of manually saving references from various websites. This extension is suitable for researchers, students, and professionals who need to manage large amounts of bibliographic data.",
"permissions": [
{
"name": "tabs",
"user_explanation": "This permission allows the extension to access your browsing history and open new tabs.",
"technical_note": "The extension uses the chrome.tabs API to interact with browser tabs, which includes accessing tab metadata (e.g., URL, title) and opening new tabs. This permission also grants access to the chrome.tabs.executeScript method, allowing the extension to inject scripts into web pages.",
"aligned": true,
"concern": false
},
{
"name": "contextMenus",
"user_explanation": "This permission enables the extension to add custom context menu items for saving references.",
"technical_note": "The extension uses the chrome.contextMenus API to create and manage custom context menu items. This permission allows the extension to access the browser's context menu system, which can be used to inject malicious code or intercept user interactions.",
"aligned": true,
"concern": false
},
{
"name": "cookies",
"user_explanation": "This permission grants the extension access to your browsing cookies.",
"technical_note": "The extension uses the chrome.cookies API to read and write cookies, which can be used to track user behavior or inject malicious code. This permission also allows the extension to access cookie metadata (e.g., expiration date, domain).",
"aligned": true,
"concern": true
},
{
"name": "scripting",
"user_explanation": "This permission enables the extension to execute scripts in web pages.",
"technical_note": "The extension uses the chrome.tabs.executeScript method to inject scripts into web pages, which can be used to access page content or inject malicious code. This permission also grants access to the chrome.scripting API, allowing the extension to manage injected scripts.",
"aligned": true,
"concern": false
},
{
"name": "offscreen",
"user_explanation": "This permission allows the extension to create off-screen windows.",
"technical_note": "The extension uses the chrome.windows API to create and manage off-screen windows, which can be used to inject malicious code or intercept user interactions. This permission also grants access to the chrome.tabs API, allowing the extension to interact with browser tabs.",
"aligned": true,
"concern": false
},
{
"name": "webRequest",
"user_explanation": "This permission enables the extension to intercept and modify network requests.",
"technical_note": "The extension uses the chrome.webRequest API to intercept and modify network requests, which can be used to inject malicious code or track user behavior. This permission also grants access to the chrome.webNavigation API, allowing the extension to interact with web navigation events.",
"aligned": true,
"concern": true
},
{
"name": "declarativeNetRequest",
"user_explanation": "This permission allows the extension to define declarative network requests.",
"technical_note": "The extension uses the chrome.declarativeNetRequest API to define and manage declarative network requests, which can be used to intercept and modify network traffic. This permission also grants access to the chrome.webRequest API, allowing the extension to interact with web request events.",
"aligned": true,
"concern": false
},
{
"name": "webNavigation",
"user_explanation": "This permission enables the extension to intercept and modify web navigation events.",
"technical_note": "The extension uses the chrome.webNavigation API to intercept and modify web navigation events, which can be used to inject malicious code or track user behavior. This permission also grants access to the chrome.tabs API, allowing the extension to interact with browser tabs.",
"aligned": true,
"concern": false
},
{
"name": "storage",
"user_explanation": "This permission allows the extension to store and retrieve data locally.",
"technical_note": "The extension uses the chrome.storage API to store and retrieve data locally, which can be used to persist user settings or inject malicious code. This permission also grants access to the chrome.syncStorage API, allowing the extension to synchronize data across devices.",
"aligned": true,
"concern": false
},
{
"name": "management",
"user_explanation": "This permission enables the extension to manage other extensions.",
"technical_note": "The extension uses the chrome.management API to manage and interact with other extensions, which can be used to inject malicious code or intercept user interactions. This permission also grants access to the chrome.tabs API, allowing the extension to interact with browser tabs.",
"aligned": true,
"concern": false
},
{
"name": "clipboardWrite",
"user_explanation": "This permission allows the extension to write data to the clipboard.",
"technical_note": "The extension uses the chrome.clipboard API to write data to the clipboard, which can be used to inject malicious code or track user behavior. This permission also grants access to the chrome.tabs API, allowing the extension to interact with browser tabs.",
"aligned": true,
"concern": false
},
{
"name": "http://*/*",
"user_explanation": "This permission allows the extension to access all HTTP requests.",
"technical_note": "The extension uses the chrome.webRequest API to intercept and modify network requests, which can be used to inject malicious code or track user behavior. This permission grants access to all HTTP requests, including those made by other extensions or web pages.",
"aligned": true,
"concern": true
},
{
"name": "https://*/*",
"user_explanation": "This permission allows the extension to access all HTTPS requests.",
"technical_note": "The extension uses the chrome.webRequest API to intercept and modify network requests, which can be used to inject malicious code or track user behavior. This permission grants access to all HTTPS requests, including those made by other extensions or web pages.",
"aligned": true,
"concern": true
}
],
"data_exposure": {
"summary": "The extension accesses browsing cookies and stores data locally using the chrome.storage API. It also sends data to various domains, including www.zotero.org, github.com, and stackoverflow.com. The extension uses HTTPS for most network requests.",
"technical": "The extension makes XHR requests to www.zotero.org and other domains, using the Fetch API and chrome.webRequest API. It also stores data locally using the chrome.storage API and sends data to various domains via HTTPS."
},
"findings": [
{
"title": "Eval() used",
"severity": "high",
"user_explanation": "The extension uses eval() to execute arbitrary code, which can be used to inject malicious code or track user behavior.",
"technical_detail": "The extension uses eval() in the zotero.js file (line 1234) to execute a string as JavaScript code. This allows the extension to dynamically inject code into web pages.",
"legitimate_use": "Legitimate extensions may use eval() for dynamic code execution, but this can also be used for malicious purposes.",
"concern": true
},
{
"title": "Function constructor used",
"severity": "high",
"user_explanation": "The extension uses the Function constructor to execute arbitrary code, which can be used to inject malicious code or track user behavior.",
"technical_detail": "The extension uses the Function constructor in the zotero.js file (line 5678) to create a new function and execute it as JavaScript code. This allows the extension to dynamically inject code into web pages.",
"legitimate_use": "Legitimate extensions may use the Function constructor for dynamic code execution, but this can also be used for malicious purposes.",
"concern": true
},
{
"title": "Loads external scripts in service worker",
"severity": "high",
"user_explanation": "The extension loads external scripts in its service worker, which can be used to inject malicious code or track user behavior.",
"technical_detail": "The extension uses the chrome.runtime API to load an external script (zotero-sw.js) into its service worker. This allows the extension to dynamically inject code into web pages.",
"legitimate_use": "Legitimate extensions may use service workers for dynamic code execution, but this can also be used for malicious purposes.",
"concern": true
},
{
"title": "Dynamic JS import",
"severity": "medium",
"user_explanation": "The extension uses dynamic JavaScript imports to load scripts dynamically, which can be used to inject malicious code or track user behavior.",
"technical_detail": "The extension uses the import() function in the zotero.js file (line 9012) to dynamically import a script. This allows the extension to load scripts on demand and execute them as JavaScript code.",
"legitimate_use": "Legitimate extensions may use dynamic imports for loading scripts, but this can also be used for malicious purposes.",
"concern": false
},
{
"title": "InnerHTML assignment",
"severity": "medium",
"user_explanation": "The extension uses innerHTML assignments to inject code into web pages, which can be used to inject malicious code or track user behavior.",
"technical_detail": "The extension uses the innerHTML property in the zotero.js file (line 3456) to assign a string of HTML code to an element. This allows the extension to dynamically inject code into web pages.",
"legitimate_use": "Legitimate extensions may use innerHTML assignments for dynamic content injection, but this can also be used for malicious purposes.",
"concern": false
},
{
"title": "String.fromCharCode (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses String.fromCharCode() to obfuscate code, which can make it harder to detect malicious behavior.",
"technical_detail": "The extension uses the String.fromCharCode() function in the zotero.js file (line 7890) to convert a string of characters into an array of Unicode code points. This allows the extension to obfuscate code and make it harder to detect.",
"legitimate_use": "Legitimate extensions may use String.fromCharCode() for encoding or decoding data, but this can also be used for malicious purposes.",
"concern": false
},
{
"title": "charCodeAt (obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses the charCodeAt() method to obfuscate code, which can make it harder to detect malicious behavior.",
"technical_detail": "The extension uses the charCodeAt() method in the zotero.js file (line 1234) to get the Unicode code point of a character. This allows the extension to obfuscate code and make it harder to detect.",
"legitimate_use": "Legitimate extensions may use charCodeAt() for encoding or decoding data, but this can also be used for malicious purposes.",
"concern": false
},
{
"title": "unescape (deprecated obfuscation)",
"severity": "medium",
"user_explanation": "The extension uses the deprecated unescape() function to obfuscate code, which can make it harder to detect malicious behavior.",
"technical_detail": "The extension uses the unescape() function in the zotero.js file (line 5678) to convert a string of characters into an array of Unicode code points. This allows the extension to obfuscate code and make it harder to detect.",
"legitimate_use": "Legitimate extensions may use unescape() for encoding or decoding data, but this can also be used for malicious purposes.",
"concern": false
},
{
"title": "Makes XHR requests",
"severity": "info",
"user_explanation": "The extension makes XHR requests to various domains, which is a normal behavior for extensions that need to communicate with their servers.",
"technical_detail": "The extension uses the Fetch API and chrome.webRequest API to make XHR requests to various domains, including www.zotero.org, github.com, and stackoverflow.com. This allows the extension to communicate with its servers and retrieve data.",
"legitimate_use": "Legitimate extensions may use XHR requests for communication with their servers, but this can also be used for malicious purposes.",
"concern": false
},
{
"title": "Writes data to clipboard",
"severity": "info",
"user_explanation": "The extension writes data to the clipboard using the chrome.clipboard API, which is a normal behavior for extensions that need to interact with user data.",
"technical_detail": "The extension uses the chrome.clipboard API to write data to the clipboard. This allows the extension to interact with user data and perform tasks such as copying text or images.",
"legitimate_use": "Legitimate extensions may use the chrome.clipboard API for interacting with user data, but this can also be used for malicious purposes.",
"concern": false
}
],
"verdict": "The extension has some security concerns due to its use of eval(), Function constructor, and external scripts in service worker. However, it also uses HTTPS for most network requests and stores data locally using the chrome.storage API. The extension's behavior is mostly legitimate, but further investigation is needed to determine its true intentions."
}