Is "Quick flomo - AI Reading Assistant & Citation Web Clipper" on Chrome Web Store Safe to Install?
Quick flomo - AI Reading Assistant & Academic Citation Generator 📖 Struggling with "too long to read" and "bookmark hoarding"? Bookmarks shouldn't be the graveyard of inspiration. Quick flomo is a Chrome sidebar extension designed for deep readers and knowledge management enthusiasts, transforming fragmented web content into structured, academically-cited flomo notes. ✨ Core Features 🎓 Academic-Standard Citations (Unique Highlight): Automatically extract webpage metadata (title, URL, author, date) and generate standard GB/T 7714 citation format with one click. No manual formatting needed - professional citations made easy. 🤖 AI-Powered Reading Assistant: Built-in 3 high-performance AI models (GLM-4.5-Air, GLM-4.7, GLM-4.6V). Generate precise summaries of long articles, get intelligent tag recommendations, and capture core insights quickly. ⚡️ Seamless Sidebar Recording: Designed with Side Panel interface to maintain your reading flow. Supports Alt+Shift+F shortcut, text selection floating ball, and right-click menu for quick access. 📌 Structured Knowledge Capsules: Automatically integrate title, source, summary, citation info, and personal thoughts into clearly structured flomo notes. 💎 Pro Membership Privileges: Unlock unlimited AI features with 3 premium models. Only ¥6/month or ¥58/year (annual plan offers better value). Get 500 credits monthly, far more than Free users. 🚀 v1.4.0 Major Updates 💰 Credits System (Core Feature): - Brand new credits-based system replacing quota system, more flexible - Free users get 30 credits monthly - Pro users get 500 credits monthly, perfect for heavy usage - Credits can be used for all AI features 🎁 Referral Rewards (NEW): - Brand new referral reward system, invite friends to register - Both parties get 30 credits reward - Credits can be used for AI features, reducing costs - View invitation records and reward details 🤖 AI Model Upgrade: - Focused on 3 premium AI models (GLM-4.5-Air, GLM-4.7, GLM-4.6V) - Removed free models, improved service quality and stability - Pro members get 500 credits monthly to enjoy premium models ⚡️ Performance & Security: - Passed comprehensive security audit, 0 critical vulnerabilities - Minimized permissions, only requesting necessary permissions - Performance optimized, 50%+ faster response time - All communications HTTPS encrypted, ensuring data security 🔐 Privacy Protection Commitment - ✅ Only accesses current page when you actively operate - ✅ No collection of browsing history or personal information - ✅ All communications use HTTPS encryption - ✅ API Keys stored locally only - ✅ Follows principle of least privilege 🌏 Multilingual Support - 中文(简体) - English 💡 Use Cases - Academic Research: Quickly collect literature, generate standard citations - Content Creation: Organize materials and inspiration, AI-assisted summarization - Knowledge Management: Build your Personal Knowledge Base - Daily Reading: Efficiently save valuable content 🎯 Why Choose Quick flomo? 1. **Academic Standards**: Auto-generate GB/T 7714 standard citations, perfect for research 2. **Credits System**: v1.4.0 brand new credits system, flexible AI feature usage 3. **Referral Rewards**: Invite friends and both get 30 credits, reducing costs 4. **AI-Empowered**: 3 premium AI models, quality-first, stable and reliable 5. **Secure & Reliable**: Passed comprehensive security audit, 50%+ performance boost 📞 Contact Us - Official Website: https://www.shadow.wang/ - Feedback: [email protected] --- Install Quick flomo now to let AI become your reading assistant, transforming fragmented information into structured knowledge!
Risk Assessment
Analyzed205 security findings detected across all analyzers
Chrome extension requesting 10 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
8 rules(39 hits)Requested Permissions
10 permissionsAccess your identity and sign-in tokens
About This Extension
Detailed Findings
70 totalYARA Rule Matches
8 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 135
detected Domain: send.today XIOC detected Domain: send.today
extracted_from_files
detected Domain: docs.bigmodel.cn XIOC detected Domain: docs.bigmodel.cn
extracted_from_files
detected Domain: model.name XIOC detected Domain: model.name
extracted_from_files
detected Email: exa***@gmail.com XIOC detected Email: exa***@gmail.com
extracted_from_files
detected Domain: www.w3.org XIOC detected Domain: www.w3.org
extracted_from_files
detected Domain: best.date XIOC detected Domain: best.date
extracted_from_files
detected Domain: t.mx XIOC detected Domain: t.mx
extracted_from_files
detected Domain: p.fk XIOC detected Domain: p.fk
extracted_from_files
detected IP: ::af XIOC detected IP: ::af
extracted_from_files
detected IP: ::bef XIOC detected IP: ::bef
extracted_from_files
detected IP: :: XIOC detected IP: ::
extracted_from_files
detected URL: https://docs.bigmodel.cn/api-reference/ XIOC detected URL: https://docs.bigmodel.cn/api-reference/
extracted_from_files
detected URL: https://shadow.wang/legal/quick-flomo/refund-policy.html XIOC detected URL: https://shadow.wang/legal/quick-flomo/refund-policy.html
extracted_from_files
detected URL: https://placehold.co/200x200?text=Please+Add+Image'; XIOC detected URL: https://placehold.co/200x200?text=Please+Add+Image';
extracted_from_files
detected URL: https://flomoapp.com/')) XIOC detected URL: https://flomoapp.com/'))
extracted_from_files
detected URL: https://dutepjyocxcvecmsrtfp.supabase.co', XIOC detected URL: https://dutepjyocxcvecmsrtfp.supabase.co',
extracted_from_files
detected URL: https://accounts.google.com/o/oauth2/v2/auth? XIOC detected URL: https://accounts.google.com/o/oauth2/v2/auth?
extracted_from_files
detected URL: https://$ XIOC detected URL: https://$
extracted_from_files
detected URL: https://quickflomo.com?ref=$ XIOC detected URL: https://quickflomo.com?ref=$
extracted_from_files
detected URL: https://*.supabase.co/* XIOC detected URL: https://*.supabase.co/*
extracted_from_files
detected URL: http://www.w3.org/2000/svg' XIOC detected URL: http://www.w3.org/2000/svg'
extracted_from_files
detected URL: https://shadow.wang/legal/quick-flomo/terms-of-service.html XIOC detected URL: https://shadow.wang/legal/quick-flomo/terms-of-service.html
extracted_from_files
detected URL: https://shadow.wang/legal/quick-flomo/privacy-policy.html XIOC detected URL: https://shadow.wang/legal/quick-flomo/privacy-policy.html
extracted_from_files
detected URL: https://flomoapp.com/iwh/xxx/xxx XIOC detected URL: https://flomoapp.com/iwh/xxx/xxx
extracted_from_files
detected URL: https://www.shadow.wang XIOC detected URL: https://www.shadow.wang
extracted_from_files
detected URL: https://x.com/Gollumgulu XIOC detected URL: https://x.com/Gollumgulu
extracted_from_files
detected URL: https://docs.bigmodel.cn/cn/guide/models/free/glm-4.6v-flash XIOC detected URL: https://docs.bigmodel.cn/cn/guide/models/free/glm-4.6v-flash
extracted_from_files
detected URL: https://docs.bigmodel.cn/cn/guide/models/text/glm-4.5#glm-4-5-air XIOC detected URL: https://docs.bigmodel.cn/cn/guide/models/text/glm-4.5#glm-4-5-air
extracted_from_files
detected URL: https://supabase.com/docs/reference/javascript XIOC detected URL: https://supabase.com/docs/reference/javascript
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: https://www.shadow.wang/ XIOC detected URL: https://www.shadow.wang/
extracted_from_files
detected URL: https://flomoapp.com/* XIOC detected URL: https://flomoapp.com/*
extracted_from_files
detected Domain: tab.id XIOC detected Domain: tab.id
extracted_from_files
detected URL: https://docs.bigmodel.cn/cn/guide/models/text/glm-4.7 XIOC detected URL: https://docs.bigmodel.cn/cn/guide/models/text/glm-4.7
extracted_from_files
detected URL: https://docs.bigmodel.cn/cn/guide/models/vlm/glm-4.6v XIOC detected URL: https://docs.bigmodel.cn/cn/guide/models/vlm/glm-4.6v
extracted_from_files
detected Email: ab***@test.com XIOC detected Email: ab***@test.com
extracted_from_files
detected URL: http://www.w3.org/2000/svg XIOC detected URL: http://www.w3.org/2000/svg
extracted_from_files
detected Domain: statusresult.data XIOC detected Domain: statusresult.data
extracted_from_files
detected Domain: result.todaystats.date XIOC detected Domain: result.todaystats.date
extracted_from_files
detected Domain: userstatus.email XIOC detected Domain: userstatus.email
extracted_from_files
detected Domain: userstatus.credits.total XIOC detected Domain: userstatus.credits.total
extracted_from_files
detected Domain: aidailyusage.date XIOC detected Domain: aidailyusage.date
extracted_from_files
detected Domain: img.data XIOC detected Domain: img.data
extracted_from_files
detected Domain: tagsarray.map XIOC detected Domain: tagsarray.map
extracted_from_files
detected Domain: model.id XIOC detected Domain: model.id
extracted_from_files
detected Domain: btn-subtle.pro XIOC detected Domain: btn-subtle.pro
extracted_from_files
detected Domain: btn-user-avatar.show XIOC detected Domain: btn-user-avatar.show
extracted_from_files
detected Domain: subscription-badge.free XIOC detected Domain: subscription-badge.free
extracted_from_files
detected Domain: subscription-badge.pro XIOC detected Domain: subscription-badge.pro
extracted_from_files
detected Domain: user-badge.free XIOC detected Domain: user-badge.free
extracted_from_files
detected Domain: user-badge.pro XIOC detected Domain: user-badge.pro
extracted_from_files
detected Domain: attr.name XIOC detected Domain: attr.name
extracted_from_files
detected Domain: item.new XIOC detected Domain: item.new
extracted_from_files
detected Domain: resumebtn.id XIOC detected Domain: resumebtn.id
extracted_from_files
detected Domain: item.data XIOC detected Domain: item.data
extracted_from_files
detected Domain: window.open XIOC detected Domain: window.open
extracted_from_files
detected Domain: stats.total XIOC detected Domain: stats.total
extracted_from_files
detected Domain: invitations.map XIOC detected Domain: invitations.map
extracted_from_files
detected Domain: item.email XIOC detected Domain: item.email
extracted_from_files
detected Domain: user.id XIOC detected Domain: user.id
extracted_from_files
detected Domain: user.email XIOC detected Domain: user.email
extracted_from_files
detected Domain: user.is XIOC detected Domain: user.is
extracted_from_files
detected Domain: user.credits.total XIOC detected Domain: user.credits.total
extracted_from_files
detected Domain: currentplaninfo.id XIOC detected Domain: currentplaninfo.id
extracted_from_files
detected Domain: userstatus.is XIOC detected Domain: userstatus.is
extracted_from_files
detected URL: https://open.bigmodel.cn/* XIOC detected URL: https://open.bigmodel.cn/*
extracted_from_files
detected Domain: loadingmsg.id XIOC detected Domain: loadingmsg.id
extracted_from_files
detected Domain: e.target XIOC detected Domain: e.target
extracted_from_files
detected Domain: result.data XIOC detected Domain: result.data
extracted_from_files
detected Domain: 946677852502-lom3ach1c2m8br0s42i18k0p3e42lgjo.apps.googleusercontent.com XIOC detected Domain: 946677852502-lom3ach1c2m8br0s42i18k0p3e42lgjo.apps.googleusercontent.com
extracted_from_files
detected Domain: chrome.runtime.id XIOC detected Domain: chrome.runtime.id
extracted_from_files
detected Domain: hasharray.map XIOC detected Domain: hasharray.map
extracted_from_files
detected Domain: chromiumapp.org XIOC detected Domain: chromiumapp.org
extracted_from_files
detected Domain: window.location.search XIOC detected Domain: window.location.search
extracted_from_files
detected URL: https://docs.bigmodel.cn/cn/guide/models/text/glm-4.5 XIOC detected URL: https://docs.bigmodel.cn/cn/guide/models/text/glm-4.5
extracted_from_files
detected Domain: statusresult.data.email XIOC detected Domain: statusresult.data.email
extracted_from_files
detected Domain: statusresult.data.is XIOC detected Domain: statusresult.data.is
extracted_from_files
detected Domain: currentuser.is XIOC detected Domain: currentuser.is
extracted_from_files
detected Domain: session.user.is XIOC detected Domain: session.user.is
extracted_from_files
detected Domain: email.com XIOC detected Domain: email.com
extracted_from_files
detected Domain: shadow.nexus XIOC detected Domain: shadow.nexus
extracted_from_files
detected Domain: placehold.co XIOC detected Domain: placehold.co
extracted_from_files
detected Domain: accounts.google.com XIOC detected Domain: accounts.google.com
extracted_from_files
detected Domain: quickflomo.com XIOC detected Domain: quickflomo.com
extracted_from_files
detected Domain: gmail.com XIOC detected Domain: gmail.com
extracted_from_files
detected Domain: test.com XIOC detected Domain: test.com
extracted_from_files
detected Domain: www.shadow.wang XIOC detected Domain: www.shadow.wang
extracted_from_files
detected Domain: flomoapp.com XIOC detected Domain: flomoapp.com
extracted_from_files
detected Domain: open.bigmodel.cn XIOC detected Domain: open.bigmodel.cn
extracted_from_files
detected Domain: supabase.co XIOC detected Domain: supabase.co
extracted_from_files
detected Domain: toast.show XIOC detected Domain: toast.show
extracted_from_files
detected Domain: shadow.wang XIOC detected Domain: shadow.wang
extracted_from_files
detected Domain: x.com XIOC detected Domain: x.com
extracted_from_files
detected Domain: console.info XIOC detected Domain: console.info
extracted_from_files
detected Domain: supabase.com XIOC detected Domain: supabase.com
extracted_from_files
detected Domain: chrome.storage XIOC detected Domain: chrome.storage
extracted_from_files
detected Domain: data.ai XIOC detected Domain: data.ai
extracted_from_files
detected Domain: session.user.email XIOC detected Domain: session.user.email
extracted_from_files
detected Domain: window.id XIOC detected Domain: window.id
extracted_from_files
detected Domain: chrome.sidepanel.open XIOC detected Domain: chrome.sidepanel.open
extracted_from_files
detected Domain: options.author XIOC detected Domain: options.author
extracted_from_files
detected Domain: m.id XIOC detected Domain: m.id
extracted_from_files
detected Domain: window.ai XIOC detected Domain: window.ai
extracted_from_files
detected Domain: window.free XIOC detected Domain: window.free
extracted_from_files
detected Domain: window.pro XIOC detected Domain: window.pro
extracted_from_files
detected Domain: params.total XIOC detected Domain: params.total
extracted_from_files
detected Domain: levels.info XIOC detected Domain: levels.info
extracted_from_files
detected Domain: sendbtn.id XIOC detected Domain: sendbtn.id
extracted_from_files
detected Domain: appicon.id XIOC detected Domain: appicon.id
extracted_from_files
detected Domain: btntext.id XIOC detected Domain: btntext.id
extracted_from_files
detected Domain: element.id XIOC detected Domain: element.id
extracted_from_files
detected Domain: c.date XIOC detected Domain: c.date
extracted_from_files
detected IP: 2:: XIOC detected IP: 2::
extracted_from_files
detected IP: 0:: XIOC detected IP: 0::
extracted_from_files
detected IP: 1:: XIOC detected IP: 1::
extracted_from_files
detected Domain: session.user.id XIOC detected Domain: session.user.id
extracted_from_files
detected Domain: error.name XIOC detected Domain: error.name
extracted_from_files
detected Domain: rect.top XIOC detected Domain: rect.top
extracted_from_files
detected Domain: host.style.top XIOC detected Domain: host.style.top
extracted_from_files
detected Domain: popover.style.top XIOC detected Domain: popover.style.top
extracted_from_files
detected Domain: host.id XIOC detected Domain: host.id
extracted_from_files
detected Domain: stats.date XIOC detected Domain: stats.date
extracted_from_files
detected Domain: metadata.author XIOC detected Domain: metadata.author
extracted_from_files
detected Domain: schema.org XIOC detected Domain: schema.org
extracted_from_files
detected Domain: item.author XIOC detected Domain: item.author
extracted_from_files
detected Domain: item.author.name XIOC detected Domain: item.author.name
extracted_from_files
detected Domain: data.author XIOC detected Domain: data.author
extracted_from_files
detected Domain: data.author.name XIOC detected Domain: data.author.name
extracted_from_files
detected Domain: u.dj XIOC detected Domain: u.dj
extracted_from_files
detected Domain: w.bw XIOC detected Domain: w.bw
extracted_from_files
detected Domain: tl.np XIOC detected Domain: tl.np
extracted_from_files
detected Domain: c.do XIOC detected Domain: c.do
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: clients2.google.com XIOC detected Domain: clients2.google.com
extracted_from_files
detected Domain: dutepjyocxcvecmsrtfp.supabase.co XIOC detected Domain: dutepjyocxcvecmsrtfp.supabase.co
extracted_from_files
Security Analysis Summary
Security Analysis Overview
Quick flomo - AI Reading Assistant & Citation Web Clipper is a Chrome Web Store extension published by [email protected]. Version 1.4.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 84.94/100 (HIGH risk) based on 205 security findings.
Risk Assessment
This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.
Findings Breakdown
- Medium: 166 finding(s)
- Low: 39 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
Quick flomo - AI Reading Assistant & Citation Web Clipper is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 10 users.
Recommendation
This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
抖音采集助手
[email protected]
Send to NotebookLM
[email protected]
Chat AI - Chat GPT 5 on all sites
[email protected]
SensePage
[email protected]
Auto Gmail - ChatGPT AI for email inbox
[email protected]
Page Locker
[email protected]