Wordtune: AI Paraphrasing and Grammar ToolSecurity Analysis

Extension reads clipboard and communicates externally — potential credential or crypto address theft.

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

Uses eval() to execute dynamic code, a common technique for obfuscation and code injection.

Listens for keyboard events, a common technique used by keyloggers.

Dynamically sets a script's src attribute to load external code at runtime.

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

Extension has cookie access and sends data to external servers — potential session token theft.

Decodes base64 data, commonly used to hide malicious payloads.

Uses XMLHttpRequest to make network calls.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

JavaScript file could not be parsed and has high entropy. May contain obfuscated code.

Line exceeds 5000 characters (entropy: 5.301158754957585)

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Content script matches <all_urls>, executing on every website the user visits.

Encodes data to base64, may be used for data exfiltration.

Reads or writes to localStorage, which may contain sensitive site data.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Creates a Web Worker, which runs code in a separate thread — can be used for background computation or crypto mining.

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Extension accepts messages from 2 external pattern(s). Verify these are trusted origins.

background.js

background.js

content-scripts/content.js

content-scripts/read.js

chunks/client-N8pCKoNr.js

chunks/sidepanel-Bk9B3E05.js

chunks/sidepanel-Bk9B3E05.js