Is AI Grammar Checker & Paraphraser – LanguageTool safe to use?

AI Grammar Checker & Paraphraser – LanguageTool has a risk level of MEDIUM with an overall risk score of 5.6/10. Our scan detected 316 security findings. This extension has some risks worth reviewing.

What permissions does AI Grammar Checker & Paraphraser – LanguageTool request?

AI Grammar Checker & Paraphraser – LanguageTool requests the following permissions: activeTab, storage, contextMenus, scripting, alarms. It also requests host access to: , *://docs.google.com/document/*, *://docs.google.com/presentation/*, *://languagetool.org/*, *://outlook.live.com/*, *://outlook.office365.com/*, *://outlook.office.com/*, *://outlook.cloud.microsoft/*, https://languagetool.org/*/webextension/premium-announcement*, https://languagetool.org/webextension/premium-announcement*, http://localhost:8000/*/webextension/premium-announcement*, http://localhost:8000/webextension/premium-announcement*.

What is AI Grammar Checker & Paraphraser – LanguageTool's risk score?

AI Grammar Checker & Paraphraser – LanguageTool has an overall risk score of 5.6/10 (MEDIUM). Breakdown: Permissions 7.0/10, Code 10.0/10, Combinations 10.0/10, CSP 6.5/10.

ExtSafe

AI Grammar Checker & Paraphraser – LanguageToolSecurity Analysis

Chromev10.2.0MV3March 17, 2026 at 08:28 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

5.6MEDIUM

5.6 MEDIUMRaw: 8.6

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 17 permissions including high-risk ones, 303 code findings, 1 dangerous combination.

Trust Signals(6.0/10)

Users

3.0M

Rating

3.5(12K reviews)

Developer

LanguageTooler GmbH

Status

Featured

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

6.5/10

Permissions(17 analyzed)

Code Findings(23 patterns, 303 total)

Libraries(9 detected)

9 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(4 findings)

Resolved from __MSG_* i18n placeholders:

Name: AI Grammar Checker & Paraphraser – LanguageTool

Description: Instantly Enhance Your Texts with LanguageTool’s Grammar Checker and Paraphrasing Tool

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(38)

${eaddons.mozilla.orgaddons.opera.comanalytics.languagetoolplus.comapi-fallback.languagetool.orgapi.giphy.comapi.languagetool.orgapi.languagetoolplus.comappsource.microsoft.comappstoreconnect.apple.combokand.github.iocerberus.languagetool.orgchromewebstore.google.comcs.chromium.orgdev.languagetool.orgdocs.google.comdrafts.csswg.orgexample.comfakegiphy.comgithub.comhelp.languagetool.orglanguagetool.comlanguagetool.orglanguagetoolplus.comlocalhostmicrosoftedge.microsoft.compolicies.google.comprod-translator.languagetool.orgqb-grammar-en.languagetool.orgquillbot.atlassian.netreactjs.orgrewriting.languagetoolplus.comsynonyms.languagetool.orgtoolbox-gen-ai-production.languagetool.workers.devwww.apache.orgwww.quirksmode.orgyour-server.com