Copyfish 🐟 Free Ocr Soft

Name: Security Analysis: Copyfish 🐟 Free Ocr Soft
Item: Copyfish 🐟 Free Ocr Soft
Rating: 5
Author: ChromeBoard

🔍 Security Report Available

👥 700K+ users

📦 v6.2.0

💾 238KiB

📅 2025-05-15

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Blocks and translates text from any image, video or PDF with just a few clicks, making it easy for anyone to copy, paste and share content without manually typing it out. Ideal for students, researchers, and professionals who need to quickly extract information from visual materials, this extension brings a convenient solution to their workflow. It's particularly useful for those who struggle with manual transcription or want to save time when working with multimedia files.

Overview

Do you need to extract text from images, videos or PDF? If yes, then the Copyfish Screenshot Reader/Text Extractor is for you. Copyfish turns text within any image captured from your screen into an editable format without retyping – making it easy to reuse in digital documents, emails or reports.

Common reasons to extract text from images are to google it, store it, email it or translate it. Until now, your only option was to retype the text. Copyfish is soooo much faster and more fun.

“Images” come in many forms: photographs, charts, diagrams, screenshots, PDF documents, comics, error messages, memes, Flash – and Youtube movies.

You can verify the results in one glance with the extracted text overlay.

Do you need to switch between OCR languages often? You can define "Quick Switch" buttons for up to three languages on the settings page.

For language learners: There are many translator addons available, but they only work with plain website text. Text inside images, in tricky Javascript/AJAX or, especially, in movie subtitles on Youtube or Youku is unreachable for them. But not for Copyfish. And if you want, Copyfish also translates the text for you. Especially for the subtitle translation use case, Copyfish has a repeat feature. Mark the area of the subtitle once and then use the "Do OCR" button to grab the latest text from the movie screen.

For extension gurus: You might have heard of Project Naptha, a great addon that applies state-of-the-art computer vision algorithms on every image you see while browsing the web. Copyfish solves the same problem, but it takes a different user interface approach. It does not try to alter the website. Instead, it lets you mark the text in the image you want to extract. As a result Copyfish works with every website, even videos and PDF documents.

For developers: Copyfish is published under the GPL open-source license. Full source code is available at https://github.com/A9T9/Copyfish

As OCR software, it uses the free OCR API from https://ocr.space/ .

QUESTIONS? SUGGESTIONS? Please visit our OCR user forum at https://forum.ui.vision/c/ocr-api/10

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v6.2.0 Info Scanned Mar 6, 2026

Security Analysis — Copyfish 🐟 Free Ocr Soft

Analyzed v6.2.0 · Mar 6, 2026 · 14 JS files · 361 KB scanned

Permissions

Code Patterns Detected

External Connections

ui.vision ocr.space github.com license1.ocr.space www.w3.org cors-anywhere.herokuapp.com mozilla.org translate.google.com www.deepl.com

Package Contents 62 files · 660KB

▾📁_locales3KB

▾📁en3KB

{}messages.json3KB

▾📁_metadata8KB

{}verified_contents.json8KB

▾📁config20KB

{}config.json20KB

▾📁images92KB

🖼close.png395B

🖼copyfish-128.png5KB

🖼copyfish-16.png548B

🖼copyfish-32.png1KB

🖼copyfish-48.png2KB

🖼deepl.jpg4KB

🖼gear-active.png1KB

🖼gear.png326B

🖼icon-128.png2KB

🖼icon-128_desktop.png4KB

🖼icon-128_disabled.png3KB

🖼icon-16.png342B

🖼icon-16_desktop.png877B

🖼icon-16_disabled.png655B

🖼icon-19.png392B

🖼icon-19_desktop.png1013B

🖼icon-19_disabled.png777B

🖼icon-19_new.png703B

🖼icon-38.png738B

🖼icon-38_desktop.png2KB

🖼icon-38_disabled.png2KB

🖼icon-38_new.png1KB

🖼outside.png953B

🖼spinner.svg3KB

🖼sprite-action-white.png52KB

🖼translate.png2KB

▾📁scripts361KB

📜background.js57KBlarge

📜chromereload.js668B

📜crossbrowser.js1KB

📜cs.js79KBlarge

📜genlib.js225B

📜init-cs.js5KB

📜jquery.min.js85KBlarge

📜material.min.js55KBlarge

📜message-dialog.js3KB

📜ocrlocal.js6KB

📜options.js52KBlarge

📜overlay.js7KB

📜screencapture.js7KB

📜tabbis.es6.min.js3KB

▾📁styles113KB

🎨cs.css21KB

🎨desktop.screencapture.css777B

🎨material.min.css57KB

🎨options.css7KB

🎨reset.css1KB

🎨screencapture.css6KB

🎨sprite-action-white.css19KB

🎨style-default.min.css932B

📄LICENSE18KB

📄README.md2KB

🌐dialog.html8KB

{}manifest.json2KB

🌐message-dialog-action-popup.html4KB

🌐message-dialog-special-page.html5KB

🌐message-dialog.html436B

🌐ocrlocal.html5KB

🌐options.html13KB

🌐overlay.html813B

🌐screencapture.html5KB

What This Extension Does

Copyfish is a browser extension that extracts text from images, videos, and PDFs. It solves the problem of retyping text by providing an OCR (Optical Character Recognition) feature. This extension is suitable for language learners, researchers, and anyone who needs to extract text from visual content.

Permissions Explained

contextMenusexpected: This permission allows the extension to add custom context menu items.
Technical: The extension uses this API to inject a context menu item that triggers the OCR functionality. This is a standard Chrome API for adding custom menu items.
activeTabexpected: This permission allows the extension to access and manipulate the currently active tab.
Technical: The extension uses this API to inject a content script into the active tab, which enables the OCR functionality. This is a standard Chrome API for accessing the current tab.
scriptingexpected: This permission allows the extension to execute scripts in the browser context.
Technical: The extension uses this API to inject a content script into the active tab, which enables the OCR functionality. This is a standard Chrome API for executing scripts.
storageexpected: This permission allows the extension to store and retrieve data in the browser's storage system.
Technical: The extension uses this API to store user preferences, such as OCR language settings. This is a standard Chrome API for storing data.
notificationsexpected: This permission allows the extension to display notifications to the user.
Technical: The extension uses this API to display notifications when OCR results are available. This is a standard Chrome API for displaying notifications.
nativeMessagingcheck this: This permission allows the extension to communicate with native applications on the system.
Technical: The extension uses this API to communicate with a native application that provides OCR functionality. This is a high-risk permission due to potential data exposure and security vulnerabilities. ⚠ 1
clipboardReadcheck this: This permission allows the extension to read content from the clipboard.
Technical: The extension uses this API to read text from the clipboard and perform OCR. This is a high-risk permission due to potential data exposure and security vulnerabilities. ⚠ 1
commandsexpected: This permission allows the extension to define custom keyboard shortcuts.
Technical: The extension uses this API to define custom keyboard shortcuts for triggering OCR functionality. This is a standard Chrome API for defining keyboard shortcuts.

Your Data

Copyfish accesses the active tab's content, clipboard data, and stores user preferences in the browser's storage system. It sends OCR results to the ui.vision API for processing.

Technical Details

domains

ui.vision
ocr.space
github.com

protocols

HTTP
HTTPS

encryption_status

Mixed (some requests are encrypted, others are not)

data_types

cookies
tokens
keystrokes
page content

Code Findings

High-Risk Permission: nativeMessagingCritical

The extension uses the nativeMessaging API to communicate with a native application, which poses a high risk of data exposure and security vulnerabilities.

Technical: The extension injects a content script that communicates with a native application using the nativeMessaging API. This allows the native application to access sensitive browser data.

💡 Legitimate extensions may use nativeMessaging for communication with native applications, but this requires careful consideration of security risks and data exposure.

High-Risk Permission: clipboardReadHigh

The extension uses the clipboardRead API to access clipboard content, which poses a high risk of data exposure and security vulnerabilities.

Technical: The extension injects a content script that reads clipboard content using the clipboardRead API. This allows the extension to access sensitive user data.

💡 Legitimate extensions may use clipboardRead for accessing clipboard content, but this requires careful consideration of security risks and data exposure.

Potential XSS Vector: innerHTML assignmentMedium

The extension uses the innerHTML property to assign HTML content to an element, which may pose a risk of cross-site scripting (XSS) attacks.

Technical: The extension injects a content script that assigns HTML content to an element using the innerHTML property. This allows malicious scripts to execute in the context of the active tab.

💡 Legitimate extensions may use innerHTML for assigning HTML content, but this requires careful consideration of security risks and potential XSS attacks.

Bottom Line

Copyfish is a useful extension that provides OCR functionality, but it poses significant security risks due to its high-risk permissions and potential XSS vectors. Users should exercise caution when installing and using this extension, and developers should consider addressing these concerns in future updates.