Is Coupert - Automatic Coupon Finder & Cashback safe to use?

Coupert - Automatic Coupon Finder & Cashback has a risk level of CRITICAL with an overall risk score of 9.7/10. Our scan detected 75 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Coupert - Automatic Coupon Finder & Cashback request?

Coupert - Automatic Coupon Finder & Cashback requests the following permissions: cookies, storage, unlimitedStorage, webRequest, alarms. It also requests host access to: http://*/*, https://*/*.

What is Coupert - Automatic Coupon Finder & Cashback's risk score?

Coupert - Automatic Coupon Finder & Cashback has an overall risk score of 9.7/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 7.3/10.

ExtSafe

Coupert - Automatic Coupon Finder & CashbackSecurity Analysis

Chromev6.18.30MV3February 16, 2026 at 03:26 PM

9.7CRITICAL

9.7 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 7 permissions including high-risk ones, 71 code findings, 3 dangerous combinations.

Dangerous Combinations(3)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

7.3/10

Permissions(7 analyzed)

Code Findings(23 patterns, 71 total)

Libraries(8 detected)

8 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(4 findings)

Resolved from __MSG_* i18n placeholders:

Name: Coupert - Automatic Coupon Finder & Cashback

Description: Automatically find coupons, apply the best coupon code and earn Cash Back rewards to save money for your online shopping.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

External Domains(41)

${eaddons.mozilla.orgapi-01.coupert.comapi-02.coupert.comapi-03.coupert.comapi-04.coupert.combit.lycoupertteam.github.iodev-pure.coupert.comdev-user-service.coupert.comdev.coupert.comeventmonitoringpro.comgithub.comgoo.glguard.coupert.comhelp.coupert.comkjur.github.iol.coupert.comlodash.commui.comnpms.ioopenjsf.orgpcp-dev.coupert.compcp.coupert.compure.coupert.comreactjs.orgschema.orgsjc.coupertsh.comtest.coupert.comtinyurl.comunderscorejs.orguser-service.coupert.comuser-service.coupert.devwww.coupert.comwww.coupert.devwww.coupertservice.comwww.example.comwww.facebook.comwww.paypal.comwww.trustpilot.comwww.twitter.com