Is TinaMind - The most powerful AI Assistant! safe to use?

TinaMind - The most powerful AI Assistant! has a risk level of HIGH with an overall risk score of 6.4/10. Our scan detected 31 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does TinaMind - The most powerful AI Assistant! request?

TinaMind - The most powerful AI Assistant! requests the following permissions: tabs, storage, cookies, declarativeNetRequest, contextMenus. It also requests host access to: .

What is TinaMind - The most powerful AI Assistant!'s risk score?

TinaMind - The most powerful AI Assistant! has an overall risk score of 6.4/10 (HIGH). Breakdown: Permissions 7.5/10, Code 10.0/10, Combinations 7.0/10, CSP 5.8/10.

ExtSafe

TinaMind - The most powerful AI Assistant!Security Analysis

Chromev2.22.0MV3February 18, 2026 at 12:09 PM

Potentially unsafe

This extension shows concerning patterns that may indicate risky behavior. Proceed with caution.

Known Security Incidents(1)

Critical2024-12Resolved

Compromised in Cyberhaven supply chain attack

Extension was among 35+ extensions compromised in the December 2024 supply chain attack campaign that injected data-stealing code.

6.4HIGH

6.4 HIGHRaw: 8.0

This extension shows significant risk signals. Review the findings below carefully before installing or continuing to use it.

Based on 6 permissions including high-risk ones, 27 code findings, 2 dangerous combinations.

Trust Signals(4.0/10)

Users

30K

Rating

5.0(688 reviews)

Status

Featured

Dangerous Combinations(2)

HIGHCookie access + external network

Extension has cookie access and sends data to external servers — potential session token theft.

cookies+external network request

MEDIUMTab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs+tabs API usage + external network

Permissions

7.5/10

Code

10.0/10

Combinations

7.0/10

Manifest/CSP

5.8/10

Permissions(6 analyzed)

Code Findings(18 patterns, 27 total)

Libraries(3 detected)

3 libraries detected

Content Security Policy

CSP Present(1 issue)

LOW

object-srcobject-src not restricted

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis(5 findings)

Resolved from __MSG_* i18n placeholders:

Name: TinaMind - The most powerful AI Assistant!

Description: Your AI Assistant powered by AI models. Chat, YouTube summary, search, write, TTS, OCR and more.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

LOW

externally_connectableExternal messaging enabled

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

MEDIUM

content_scriptsContent script injected on all URLs

Content script matches <all_urls>, executing on every website the user visits.

External Domains(12)

ahooks.js.orgapi.bilibili.comapi.tinamind.comchat.openai.comchatgpt.comgithub.comscholar.google.comsource.tinacdn.comtinamind.comwiseinks.tinamind.comwww.ibm.comwww.youtube.com