ExtSafe

Mote for Google Chrome™Security Analysis

Chromev3.1.6MV3February 16, 2026 at 03:39 PM
9.9CRITICAL
9.9 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 35 permissions including high-risk ones, 924 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

CRITICALClipboard read + external communication

Extension reads clipboard and communicates externally — potential credential or crypto address theft.

clipboardRead+external network request
CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern
Permissions
10.0/10
Code
10.0/10
Combinations
10.0/10
Manifest/CSP
8.8/10

Permissions(35 analyzed)

Code Findings(26 patterns, 924 total)

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(6 findings)

Resolved from __MSG_* i18n placeholders:

Name: Mote for Google Chrome™

Description: Inclusive learning software that adapts to every student's needs.

HIGH
web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW
externally_connectableExternal messaging enabled

Extension accepts messages from 3 external pattern(s). Verify these are trusted origins.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

HIGH
content_scriptsAggressive content script injection

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

MEDIUM
content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(34)

api.inboxsdk.comapp.mote.comapply.workable.comclassroom.google.comcommunity.mote.comdocs.google.comdrive.google.comempty.invalidfb.megithub.comlearn.mote.commail.google.commedia.mote.commote.commote.featurebase.appmote.fyimote.statuspage.iomyaccount.google.people-pa.clients6.google.compluspubsub.googleapis.comreactjs.orgregister.inboxsdk.coms.mote.comssl.gstatic.comsupport.mote.comtranslator.mote.comweb.devwww.www.googleapis.comwww.gstatic.comwww.inboxsdk.comwww.mote.comwww.notion.so

Indicators of Compromise

37 indicators of compromise found

File Statistics

258
Total Files
34
JS Files
113.3 MB
Total Size

Other Scanned Extensions

Urban VPN Proxy
8.2 CRITICAL
BrowserGPT: ChatGPT Anywhere Powered by GPT 4
8.2 CRITICAL
MyJDownloader Browser Extension
8.4 CRITICAL
__MSG_appName__
8.0 CRITICAL
HARPA AI: Web Automation with ChatGPT, Claude, Gemini, Grok
9.8 CRITICAL
Phantom
9.6 CRITICAL