Merlin - Ask AI to Research, Write & Review: Security Analysis

Chrome | v7.5.10 | MV3 | February 18, 2026 at 12:00 PM
Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Risk score: 7.1 HIGH (raw: 8.9)

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 23 permissions including high-risk ones, 167 code findings, 2 dangerous combinations.

Trust Signals (5.5/10)

Users: 1.0M
Rating: 3.9 (9K reviews)
Developer: Foyer Tech
Status: Featured

Dangerous Combinations (2)

CRITICAL: Network interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking + external network request

CRITICAL: All-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls> + keylogger_pattern

Category Scores

Permissions: 7.0/10
Code: 9.5/10
Combinations: 10.0/10
Manifest/CSP: 9.7/10

Permissions (23 analyzed)

Code Findings (22 patterns, 167 total)

Libraries (3 detected)

Content Security Policy

No CSP Defined (1 issue)
MEDIUM: No CSP defined (N/A)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis (18 findings)

Resolved from __MSG_* i18n placeholders:

Name: Merlin - Ask AI to Research, Write & Review

Description: 26-in-1 Chrome extension to Research, Re-write, and Summarise content on any website

HIGH
web_accessible_resources: JS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matches: Overly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH
web_accessible_resources: JS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matches: Overly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

MEDIUM
web_accessible_resources: JS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

LOW
externally_connectable: External messaging enabled

Extension accepts messages from 4 external pattern(s). Verify these are trusted origins.

MEDIUM
content_scripts: Content script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM
content_scripts: Content script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM
content_scripts: Content script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM
content_scripts: Content script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

MEDIUM
content_scripts: Content script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains (72)


Indicators of Compromise

28 indicators of compromise found

File Statistics

Total Files: 178
JS Files: 96
Total Size: 8.6 MB
