Manus AI Browser Operator: Security Analysis

Chrome | v0.0.47 | MV3 | March 1, 2026 at 05:15 AM
Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

6.3 HIGH (Raw: 7.9)

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 12 permissions including high-risk ones, 42 code findings, 2 dangerous combinations.

Trust Signals (4.0/10)

Users: 200K
Rating: 3.9 (42 reviews)
Status: Featured

Dangerous Combinations (2)

HIGH | Cookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies + external network request

MEDIUM | Tab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs + tabs API usage + external network

Permissions: 9.5/10
Code: 7.6/10
Combinations: 7.0/10
Manifest/CSP: 6.5/10

Permissions (12 analyzed)

Code Findings (16 patterns, 42 total)

Libraries (1 detected)


Content Security Policy

No CSP Defined (1 issue)

MEDIUM | N/A | No CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis (4 findings)

HIGH | web_accessible_resources | JS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM | web_accessible_resources.matches | Overly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM | web_accessible_resources | JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM | content_scripts | Content script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains (42)


Indicators of Compromise

3 indicators of compromise found

File Statistics

Total Files: 29
JS Files: 15
Total Size: 800.0 KB
