Is Notion Web Clipper safe to use?

Notion Web Clipper has a risk level of MEDIUM with an overall risk score of 5.5/10. Our scan detected 57 security findings. This extension has some risks worth reviewing.

What permissions does Notion Web Clipper request?

Notion Web Clipper requests the following permissions: activeTab, storage, cookies. It also requests host access to: https://*.notion.so/*, https://*.notion.so/.

What is Notion Web Clipper's risk score?

Notion Web Clipper has an overall risk score of 5.5/10 (MEDIUM). Breakdown: Permissions 8.0/10, Code 8.6/10, Combinations 7.0/10, CSP 0.6/10.

ExtSafe

Notion Web ClipperSecurity Analysis

Chromev0.2.11MV3March 1, 2026 at 05:20 AM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

5.5MEDIUM

5.5 MEDIUMRaw: 6.9

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 5 permissions including high-risk ones, 54 code findings, 1 dangerous combination.

Trust Signals(4.5/10)

Users

1.0M

Rating

4.1(609 reviews)

Developer

Notion Labs, Inc.

Dangerous Combinations(1)

HIGHCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

Permissions

8.0/10

Code

8.6/10

Combinations

7.0/10

Manifest/CSP

0.6/10

Permissions(5 analyzed)

Code Findings(15 patterns, 54 total)

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(0 findings)

Resolved from __MSG_* i18n placeholders:

Name: Notion Web Clipper

Description: Use our Web Clipper to save any website into Notion.

No manifest-level concerns found.

External Domains(59)

${e*.notion.soacademy.notion.comaddons.mozilla.orgadmin.google.comadmin.notion.soaif.notion.soapi.eu.amplitude.comapi.mail.notion.soapi.statsigcdn.comapi2.amplitude.comapp.amplitude.comapp.eu.amplitude.comapp.ripplematch.comapps.apple.comapps.stag2.amplitude.comaudioprocessor.www.notion.socalendar.cron.comcalendar.notion.socloudflare-dns.comdev.notion.sodevelopers.notion.comdocs.github.comdocs.statsig.comexp.notion.sofeatureassets.orgformatjs.iogithub.comhttp-inputs-notion.splunkcloud.comidentity.notion.soimg.notionusercontent.comitunes.apple.commail.notion.somarketplace.atlassian.commsgstore.www.notion.sonotion.notion.sitenotion.soplay.google.comprod-notion-assets.s3-us-west-2.amazonaws.comprodregistryv2.orgreactjs.orgs3-us-west-2.amazonaws.comsolutions-partner-hub.notion.sitesr-client-cfg.amplitude.comsr-client-cfg.eu.amplitude.comsr-client-cfg.stag2.amplitude.comstartupshub.notion.sitestatsigapi.netsupport.atlassian.comtwitter.comworkspace.google.comwww.docs.developers.amplitude.comwww.facebook.comwww.instagram.comwww.linkedin.comwww.notion-status.comwww.notion.comwww.notion.sowww.youtube.com