| scripting | Permission | | This permission allows injection and execution of JavaScript on any webpage. Rated Critical because it can modify page content, steal sensitive data, and inject malicious code into any site the extension has access to. |
| debugger | Permission | | This permission grants the extension the ability to debug and control other extensions and browser tabs. Rated Critical because it can access and modify other extensions' internal state, inject code, and access sensitive data from any tab. |
| downloads | Permission | | This permission controls file downloads and accesses download history. Rated High because it can download malicious files, access sensitive downloaded documents, and track user download patterns. |
| Contextual Risk Factors | Risk Factor | | The following context increases the overall risk: 20% increase (access to sensitive domains increases potential impact). |
| activeTab | Permission | | This permission grants temporary access to the current tab. Rated Medium because it can access current page content when invoked, though limited to user-initiated actions. |
| storage | Permission | | This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads. |
| tabs | Permission | | This permission enables tab management and monitoring. Rated Medium because it can track open tabs, access tab metadata, and monitor user browsing patterns. |
| https://*.naver.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.coupang.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.gmarket.co.kr/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.auction.co.kr/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.11st.co.kr/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.lotteon.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.ssg.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.kurly.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.esmplus.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.gmarket.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://postcode.map.daum.net/* | Host | | Host permission — access limited to this URL pattern. |
| https://postcode.map.kakao.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://business.juso.go.kr/* | Host | | Host permission — access limited to this URL pattern. |
| https://moasell.kr/* | Host | | Host permission — access limited to this URL pattern. |
| https://www.moasell.kr/* | Host | | Host permission — access limited to this URL pattern. |
| http://localhost:3000/* | Host | | Host permission — access limited to this URL pattern. |
| http://localhost/* | Host | | Host permission — access limited to this URL pattern. |
| https://api.commerce.naver.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://api-gateway.coupang.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://api.11st.co.kr/* | Host | | Host permission — access limited to this URL pattern. |
| https://api.lotteon.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://openapi.lotteon.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://shopping-fep.toss.im/* | Host | | Host permission — access limited to this URL pattern. |
| https://shopping-fep-alpha.toss.im/* | Host | | Host permission — access limited to this URL pattern. |
| https://chatgpt.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.chatgpt.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.oaiusercontent.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://gemini.google.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.google.com/* | Host | | Host permission — access limited to this URL pattern. |
| https://*.googleusercontent.com/* | Host | | Host permission — access limited to this URL pattern. |
| Access to Sensitive Domains | Risk Factor | | This extension requests access to sensitive domains: https://shopping-fep.toss.im/*, https://shopping-fep-alpha.toss.im/*, https://gemini.google.com/*, https://*.google.com/*, https://*.googleusercontent.com/* |
| notifications | Permission | | This permission displays system notifications. Rated Low because it can only show user-visible notifications without accessing system data. |