What permissions does AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and Notion request?

AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and Notion requests the following permissions: tabs, storage, cookies, declarativeNetRequest, sidePanel. It also requests host access to: *://*/*, https://aistudio.google.com/*, https://chat.deepseek.com/*, https://chatgpt.com/*, https://claude.ai/*, https://copilot.microsoft.com/*, https://gemini.google.com/*, https://github.com/*, https://grok.com/*, https://notebooklm.google.com/*, https://poe.com/*, https://tongyi.aliyun.com/*, https://www.google.co.uk/*, https://www.google.com.hk/*, https://www.google.com/*, https://www.perplexity.ai/*, https://yuanbao.tencent.com/*, https://saveai.net/*, https://www.saveai.net/*.

ExtSafe

AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and NotionSecurity Analysis

Chromev4.1.0MV3March 19, 2026 at 07:14 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.6HIGH

6.6 HIGHRaw: 8.3

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 24 permissions including high-risk ones, 152 code findings, 2 dangerous combinations.

Trust Signals(4.0/10)

Users

50K

Rating

4.8(569 reviews)

Status

Featured

Dangerous Combinations(2)

HIGHCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.5/10

Code

9.1/10

Combinations

10.0/10

Manifest/CSP

5.8/10

Permissions(24 analyzed)

Code Findings(18 patterns, 152 total)

Libraries(1 detected)

1 library detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(3 findings)

Resolved from __MSG_* i18n placeholders:

Name: AI Exporter: Save ChatGPT, Gemini to PDF, Word, MD and Notion

Description: Export ChatGPT, Claude, Gemini and NotebookLM chats to PDF/Word/Markdown/Txt. Supports content selection, and Notion sync, download.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(45)

ai.feishu.cnaistudio.google.comalkalimakersuite-pa.clients6.google.comapi-service.saveai.netapi.individual.githubcopilot.comassets.grok.combit.lychat.deepseek.comchat.openai.comchatgpt.comchromewebstore.google.comclaude.aiclaude.ai${bclaude.ai${gcopilot.microsoft.comempty.invalidgemini.google.comgemini.google.com${sgemini.google.com${ugithub.comgoogleusercontent.comgrok.comhtml.spec.whatwg.orgicnh83p4860q.feishu.cnlh3.googleusercontent.comlocalhostmarked.js.orgnotebooklm.google.comnpms.iopoe.comreact.devreactrouter.comsaveai.netschemas.openxmlformats.orgstuk.github.iotinyurl.comtongyi.aliyun.comwww.google.co.ukwww.google.com.hkwww.ibm.comwww.notion.sowww.perplexity.aiwww.saveai.netx.comyuanbao.tencent.com