Is Smart Page Annotator safe to use?

Smart Page Annotator has a security risk score of 53.37/100 (MEDIUM risk). Our security analysis detected 8 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of Smart Page Annotator?

Based on our automated security analysis, Smart Page Annotator presents medium risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "Smart Page Annotator" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.1.0

Smart Page Annotator (SPA) is the all-in-one productivity extension designed for researchers, students, and teams. Highlight text, draw on pages, add sticky notes, and manage your PDF annotations directly in your browser. No more switching tabs or losing your research notes! ✍️ KEY FEATURES Web Highlighter: Highlight important text on any webpage with multiple colors. Drawing & Markup: Use the pen and shape tools to circle, point, and sketch directly over web content. Sticky Notes & Tags: Add floating notes to pages. Use #hashtags to categorize and filter your research in the tag cloud. PDF Annotator: Full support for local and online PDFs. Review and annotate documents without special software. Collaboration & Sharing: Share your annotated pages via unique short links or live projection sessions. Clean Exports: Export your work as high-fidelity PDFs or structured reports for Notion and Obsidian. Dark Mode: A beautiful, premium dark theme for comfortable night-time research. 🚀 USE CASES For Professionals: Review designs, provide website feedback, and capture screen recordings for documentation. For Students & Academics: Organize research papers, tag citations, and manage reading lists in the side panel. For Content Creators: Mark up scripts, highlight references, and export structured notes. 🔒 PRIVACY & SECURITY Your privacy is our priority. Smart Page Annotator is built on a "Privacy First" architecture: Your data belongs to you. Minimal permissions required. Secure, authenticated sessions with refresh token rotation. Permanent data erasure (GDPR compliant) available in the dashboard. 💡 GETTING STARTED Click the Alt+A shortcut to toggle the toolbar. Select a tool and start annotating. Use the sidebar (Tag Cloud) to filter your notes by category. Your work is saved automatically! Transform your browser into a powerful research workspace today with Smart Page Annotator.

Risk Assessment

Analyzed

53.37

out of 100

MEDIUM

8 security findings detected across all analyzers

Chrome extension requesting 11 permissions

Severity Breakdown

Critical

High

Medium

Low

Info

Finding Categories

Network

Requested Permissions

11 permissions

http://*/*

Dangerous

https://*/*

Dangerous

identity

Access your identity and sign-in tokens

High

activeTab

Medium

tabs

Medium

storage

Low

scripting

Low

contextMenus

Low

alarms

Low

sidePanel

Low

clipboardWrite

Low

About This Extension

Detailed Findings

8 total

AI Security Report

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 78% confidence.

Recommended action: no action.
Risk context: MEDIUM risk, score 53/100.
Evidence context: threat category none; evidence quality weak.

The Smart Page Annotator extension (version 1.1.0) presents a clean security profile with no evidence of malicious behavior. The extension's stated purpose—highlighting webpages, reviewing PDFs, sketching, and adding notes—aligns with its technical implementation.

Manifest Analysis: The single manifest finding (MANIFEST-SENSITIVE-PERM-TABS in manifest.json) indicates the extension requests the 'tabs' permission. This is a legitimate requirement for an annotation tool that needs to read and modify page content. The tabs permission alone does not indicate malicious intent; it is standard for productivity extensions.

Network Activity: Seven network findings were detected across popup.js (lines 1 and 7), content.js (lines 4 and 41), workspace.js (lines 4 and 41), and diagram.js (line 116). All findings are generic 'fetch' call detections without specific domain information. These represent normal HTTP requests that any extension with backend functionality would make. Critically, there are zero IoC findings—no suspicious domains, no custom search engine domains, and no data exfiltration endpoints were extracted from the code.

Absence of Malicious Indicators: The findings summary shows zero malware signatures, zero obfuscation findings, zero code-smell findings, and zero secret findings. This is significant because actual malicious extensions typically exhibit at least one of these characteristics. The lack of obfuscation combined with the lack of malware signatures strongly indicates benign code.

Counterargument: A skeptic might argue that the anonymous developer email ([email protected]) and extremely low user count (5 users) warrant caution. While these factors reduce trust, they do not constitute evidence of malicious behavior. Many legitimate extensions are published by individual developers using Gmail addresses, and low user count simply indicates a niche or new extension. Without specific evidence of harm—suspicious domains, credential access patterns, or malware signatures—the extension should not be flagged as malicious based on publisher anonymity alone.

Conclusion: The findings represent expected behavior for a functional annotation extension. No actionable threats were identified.

Key Reasons

Zero malware signatures detected
Zero suspicious domains in IoC findings
Zero obfuscation findings
Network activity is generic fetch calls without specific endpoints
Extension functionality matches stated description

False Positive Considerations

Generic network findings (fetch calls without domain specifics)
Manifest permission findings (tabs permission is legitimate for annotation tools)

Source Code Viewer

Source Code Not Available

Source code is not available for this version of the extension.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng

[email protected]

CRITICAL 20K users

SVG to AVIF Converter [ShiftShift]

[email protected]

CRITICAL 4 users

ChromeCompare

[email protected]

CRITICAL 16 users

CAI Tools

[email protected]

CRITICAL 40K users

MAGgie - An AI Assistant

[email protected]

CRITICAL 1K users

EC Seller Tools

[email protected]

CRITICAL 1K users

Is "Smart Page Annotator" on Chrome Web Store Safe to Install?

Risk Assessment

Severity Breakdown

Finding Categories

Requested Permissions

About This Extension

Detailed Findings

NET-FETCH-popup.js-7

NET-FETCH-content.js-4

NET-FETCH-content.js-41

NET-FETCH-workspace.js-41

NET-FETCH-diagram.js-116

NET-FETCH-workspace.js-4

NET-FETCH-popup.js-1

MANIFEST-SENSITIVE-PERM-TABS

AI Security Report

AI Security Review

Key Reasons

False Positive Considerations

Frequently Asked Questions

Similar Extensions

Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng

SVG to AVIF Converter [ShiftShift]

ChromeCompare

CAI Tools

MAGgie - An AI Assistant

EC Seller Tools