Is YT Watch Later Assist safe?
High risk
The extension intercepts Google OAuth authorization headers from YouTube requests and stores them in local storage. These tokens are then injected into AJAX requests whose URL and structure are fully controlled by a remotely hosted Google Apps Script, so the destination of the auth token can be changed server-side without an extension update.
Risk: 75
AI-generated. Findings may contain errors. Those marked Verified have been manually reviewed.