Recently, many friends are concerned about whether certain browser extensions have security risks, especially the risk of excessive permissions. Interestingly, some people underestimate the risks posed by malicious extensions, while others exaggerate them... I wrote browser extensions a long time ago (one of which is open source in my GitHub repository, a cookie blacklisting one, which has long expired), and I have also conducted security audits on certain wallet extensions, so I consider myself to be a relatively knowledgeable type of security personnel. For an extension to be malicious, it can steal cookies from the target page, privacy from localStorage (such as account permission information, private key information), perform DOM tampering, request hijacking, clipboard content retrieval, etc. This can be configured in the manifest.json file. If users are not attentive to the permissions requested by the extension, it can lead to trouble. However, for an extension to be malicious and directly target other extensions, such as well-known wallet extensions, it is still not easy... because of sandbox isolation... For example, it is unlikely to directly steal private key/mnemonic information stored in a wallet extension unless a stupid vulnerability appears and is maliciously exploited. If you are concerned about the permission risks of a certain extension, it is actually very easy to assess this risk. After installing the extension, you can choose not to use it right away, check the extension ID, search for the local path on your computer, and find the manifest.json file in the root directory of the extension. You can then directly throw the file content to AI for permission risk interpretation. If you don't know how to do this step, just ask AI, which is also very convenient... for example, DeepSeek/GPT/Grok/Claude, etc. If you have an isolation mindset, you might consider enabling a separate Chrome Profile for unfamiliar extensions, at least making malicious actions controllable. Moreover, extensions can be disabled in chrome://extensions/ after use; most extensions do not need to be kept on all the time. The main point of writing this is actually to guide everyone to be more adept at using AI (just as a few years ago, people were encouraged to be adept at using search engines). AI can handle these basic security issues without any problem...