ProScreen S3: Self-Cloud Capture & Record

ProScreen S3: Self-Cloud Capture & Record

ID: fbmcahhohhnkhhodhahfcodibllmiojm

Extension Info & Metadata

Status
Active
Version
1.0.2
Size
0.16 MB
Rating
5.0/5
Reviews
1
Users
34
Type
Extension
Updated
Jun 19, 2026
Category
Tools
Price
Free
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
Yes

Publisher Contextual Analysis

Trusted
Author
ngocquy.devView Profile
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
Yes
Mailbox exists
Yes
Website
Visit
Total Extensions
4
Active
2
Obsolete
0
Listed
4
Unlisted
0
Total Users
2,046
Screenshot 1

Capture screenshots, record screen, and upload to your own S3 storage. Open source & privacy-first.

Chụp toàn bộ và đáng tin cậy ảnh chụp màn hình của trang hiện tại của bạn. Cách đơn giản nhất để chụp ảnh màn hình của cửa sổ trình duyệt hiện tại của bạn. Nhấp vào biểu tượng tiện ích mở rộng, và tham gia vào tab mới của ảnh chụp màn hình của bạn nơi bạn có thể tải xuống dưới dạng hình ảnh hoặc lấy đường dẫn để chia sẻ Không cồng kềnh, không có quảng cáo, không có quyền không cần thiết, chỉ là một cách đơn giản để biến toàn bộ trang web thành hình ảnh.

Item
Type
Severity
Description
downloads
Permission
High
This permission controls file downloads and accesses download history. Rated High because it can download malicious files, access sensitive downloaded documents, and track user download patterns.
desktopCapture
Permission
High
This permission captures content from your desktop screens. Rated High because it can record sensitive information from any window, capture passwords, and monitor user activity.
Dangerous Permission Combination: desktopCapture,downloads,storage
Risk Factor
High
Enables extensive monitoring and access to sensitive aspects of your digital activities.
Contextual Risk Factors
Risk Factor
High
The following context increases the overall risk:• 15% increase: Older manifest version lacks modern security controls
storage
Permission
Medium
This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
activeTab
Permission
Medium
This permission grants temporary access to the current tab. Rated Medium because it can access current page content when invoked, though limited to user-initiated actions.
Older Manifest Version
Risk Factor
Medium
This extension uses Manifest Version 2
http://*/*
Permission
Unknown
No classification available for this permission.
https://*/*
Permission
Unknown
No classification available for this permission.
file://*/*
Permission
Unknown
No classification available for this permission.

The bundled manifest requests storage, downloads, and file://*/* permissions, none of which appear in the published CWS manifest summary (which only lists http://*/*, https://*/*, desktopCapture, activeTab). This discrepancy means the extension runs with meaningfully broader capabilities than what Google surfaces to users during installation review, and users cannot see the full permission footprint from the store listing.

manifest.json (Line 17)
{  "permissions": [    "storage",    "downloads",    "http://*/*",    "https://*/*",    "activeTab",    "file://*/*",    "desktopCapture"  ]}

When the user clicks 'Share', the captured screenshot together with the full source page URL (image_from) and page title are uploaded to https://snapshot.ngocquy.net/api/v1/images — the publisher's own hosting service. The extension markets itself as 'upload to your own S3 storage / privacy-first', but there is no S3 configuration flow and no user-controlled storage; all data is sent to the publisher's server. While user-initiated, this contradicts the stated privacy promise and means the publisher receives every screenshot a user chooses to share along with the URL of the page that was captured.

scripts/capture.js (Line 61)
const form = new FormData();form.append("image_snapshot", file);form.append("image_from", `${this.from}`);form.append("image_from_title", `${this.title}`);const data = await axios.post(  "https://snapshot.ngocquy.net/api/v1/images",  form);

By severity

Critical0
High1
Medium1
Low0

Versions scanned

Showing 1 of 4 scanned versions with more than one unique finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
1.0.22

Files with findings

2 distinct paths — top paths by unique finding count:

  • manifest.json1
  • scripts/capture.js1
S.No.
Category
Severity
File
Summary
Found in Version
1Other
high
manifest.json (line 17)The bundled manifest requests storage, downloads, and file://*/* permissions, none of which appear in the published CWS manifest summary (which only lists http://*/*, https://*/*, desktopCapture, activeTab). This disc…
2Data Exfiltration
medium
scripts/capture.js (line 61)When the user clicks 'Share', the captured screenshot together with the full source page URL (image_from) and page title are uploaded to https://snapshot.ngocquy.net/api/v1/images — the publisher's own hosting service…
URLs
309
IPv4
1
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

bit.ly/3Ev6Hlihttps://bit.ly/3Ev6Hli
clients2.google.com/service/update2/crxhttps://clients2.google.com/service/update2/crx
*.ngocquy.net/*https://*.ngocquy.net/*
*/*http://*/*
*/*https://*/*
unpkg.com-https://unpkg.com
github.com-https://github.com
vuejs.org-https://vuejs.org
cdnjs.cloudflare.com-https://cdnjs.cloudflare.com
uicdn.toast.com-https://uicdn.toast.com
Showing 1 to 10 of 310 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

25.4.3.1
IPv4
-
Showing 1 to 4 of 10 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.