Is Monica: All-In-One AI Assist & Smartest AI Agent safe to use?

Monica: All-In-One AI Assist & Smartest AI Agent has a risk level of MEDIUM with an overall risk score of 5.5/10. Our scan detected 116 security findings. This extension has some risks worth reviewing.

What permissions does Monica: All-In-One AI Assist & Smartest AI Agent request?

Monica: All-In-One AI Assist & Smartest AI Agent requests the following permissions: storage, scripting, sidePanel, contextMenus, tabs, tabGroups, activeTab. It also requests host access to: .

What is Monica: All-In-One AI Assist & Smartest AI Agent's risk score?

Monica: All-In-One AI Assist & Smartest AI Agent has an overall risk score of 5.5/10 (MEDIUM). Breakdown: Permissions 7.0/10, Code 8.8/10, Combinations 10.0/10, CSP 7.8/10.

ExtSafe

Monica: All-In-One AI Assist & Smartest AI AgentSecurity Analysis

Chromev9.0.6MV3February 18, 2026 at 11:31 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

5.5MEDIUM

5.5 MEDIUMRaw: 8.4

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 8 permissions including high-risk ones, 112 code findings, 1 dangerous combination.

Trust Signals(7.0/10)

Users

3.0M

Rating

4.6(31K reviews)

Developer

BUTTERFLY EFFECT PTE. LTD.

Status

Featured

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

7.0/10

Code

8.8/10

Combinations

10.0/10

Manifest/CSP

7.8/10

Permissions(8 analyzed)

Code Findings(20 patterns, 112 total)

Libraries(2 detected)

2 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(7 findings)

Resolved from __MSG_* i18n placeholders:

Name: Monica: All-In-One AI Assist & Smartest AI Agent

Description: One stop AI Assistant with GPT, Claude, Gemini: Chat, Write, Translate, Search, Summarize, image generator, video generation

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 3 external pattern(s). Verify these are trusted origins.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(25)

${e${tapi.openai.comapi.whatsapp.comassets.monica.imchromewebstore.google.comdiscord.gggithub.commarketplace.visualstudio.commicrosoftedge.microsoft.commonica.butterfly-effect.devmonica.immusicbrainz.orgplatform.monica.implugins.jetbrains.comreactjs.orgs2.googleusercontent.comsite.monica.cooluniversallink.monica.imwww.apache.orgwww.facebook.comwww.instagram.comwww.linkedin.comwww.threads.netx.com