Is Save to Pinterest safe to use?

Save to Pinterest has a risk level of CRITICAL with an overall risk score of 9.6/10. Our scan detected 28 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Save to Pinterest request?

Save to Pinterest requests the following permissions: contextMenus, cookies, storage, activeTab, declarativeNetRequest. It also requests host access to: *://*/*, .

What is Save to Pinterest's risk score?

Save to Pinterest has an overall risk score of 9.6/10 (CRITICAL). Breakdown: Permissions 10.0/10, Code 10.0/10, Combinations 10.0/10, CSP 5.9/10.

ExtSafe

Save to PinterestSecurity Analysis

Chromev6.12.0MV3February 16, 2026 at 02:59 PM

9.6CRITICAL

9.6 CRITICAL

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 7 permissions including high-risk ones, 24 code findings, 2 dangerous combinations.

Dangerous Combinations(2)

CRITICALCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

10.0/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

5.9/10

Permissions(7 analyzed)

Code Findings(11 patterns, 24 total)

Libraries(2 detected)

2 libraries detected

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(2 findings)

Resolved from __MSG_* i18n placeholders:

Name: Save to Pinterest

Description: Save ideas to Pinterest.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(16)

${tassets.pinterest.comgestalt.pinterest.systemshelp.pinterest.comi.ytimg.comimg.youtube.cominstagram.comjedwatson.github.iopinterest.comreactjs.orgtwitter.comwww.amazon.comwww.instagram.comwww.pinterest.comwww.pinterest.com${a.redirectpathwww.youtube.com