ExtSafe

Obsidian Web ClipperSecurity Analysis

Chromev1.3.0MV3April 4, 2026 at 05:52 PM
Use with caution

This extension requests significant permissions. It has 400K+ users, a 4.7 star rating, but review the findings below.

4.8MEDIUM
4.8 MEDIUMRaw: 6.0

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 11 permissions including high-risk ones, 33 code findings, 1 dangerous combination.

Trust Signals(4.0/10)

Users
400K
Rating
4.7(431 reviews)

Dangerous Combinations(1)

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern
Permissions
7.0/10
Code
3.7/10
Combinations
10.0/10
Manifest/CSP
4.3/10

Permissions(11 analyzed)

Code Findings(13 patterns, 33 total)

Libraries(1 detected)

1 library detected

Content Security Policy

CSP Present(1 issue)
LOW
object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(2 findings)

HIGH
web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM
web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(14)

api.fxtwitter.comc2.comdefuddle.mdexample.comgithub.comhelp.obsidian.mdnews.ycombinator.comobsidian.mdpublish.twitter.comreddit.com${areddit.com${sstephango.comwww.youtube.comx.com

Indicators of Compromise

17 indicators of compromise found

File Statistics

59
Total Files
10
JS Files
9.4 MB
Total Size

Other Scanned Extensions

ProKeys
5.2 MEDIUM
Save Image As...
3.7 MEDIUM
Image downloader - Imageye
4.2 MEDIUM
uBlock Origin Lite
5.7 MEDIUM
Stream Cleaner
4.3 MEDIUM
Bitwarden Password Manager
4.7 MEDIUM