Handy Mouse Pack
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Handy Mouse Pack turns everyday actions like copying, pasting, clearing fields, dropdown selection, scrolling, and resizing images into quick, one-action mouse operations.
# Features and How to Use
- **Copy Selected Text**: Just drag to select text, and it will automatically be copied to the clipboard.
- **Paste from Clipboard (Text Areas & Text Boxes)**: Click the middle mouse button (mouse wheel click) on a text area or text box to instantly paste the clipboard contents.
- **Clear Text Boxes**: Scroll the mouse wheel while hovering over a text box to quickly clear its contents and prepare for new input.
- **Change Dropdown Selections**: Scroll the mouse wheel while hovering over a dropdown menu to easily change the selected option.
- **Scroll Page with Middle Button Drag**: Hold the middle mouse button and drag to scroll the page proportionally to the mouse movement.
- **Resize Images with Right Button Drag**: Right-click and drag on an image to resize it. Dragging right or down enlarges the image, while dragging left or up shrinks it. To reset the image to its original size, simply right-click on it.
# Source code
https://github.com/ronekko/handy_mouse_pack
Tags
Privacy Practices
Security Analysis — Handy Mouse Pack
Permissions
Code Patterns Detected
Package Contents 6 files · 52KB
What This Extension Does
Handy Mouse Pack is a utility extension designed to streamline common browser interactions by enabling one-action mouse gestures for copying, pasting, clearing fields, scrolling, and resizing images. It solves the problem of repetitive clicking or keyboard shortcuts by leveraging advanced mouse event listeners to automate these tasks directly within web pages. This tool is primarily for power users seeking faster workflows in text-heavy environments like coding editors, forums, or forms.
Permissions Explained
- clipboardReadexpected: This permission allows the extension to read the contents of your clipboard so it can automatically copy selected text when you drag over it.
Technical: Accesses the chrome.clipboard.read API. Grants access to all data currently on the system clipboard, including potentially sensitive information like passwords or personal notes if they are copied elsewhere. - clipboardWriteexpected: This permission allows the extension to write data to your clipboard so it can instantly paste content when you click the middle mouse button.
Technical: Accesses the chrome.clipboard.write API. Enables injecting arbitrary text strings into the clipboard buffer, which is necessary for the 'Paste' feature but requires trust in the extension's integrity.
Your Data
This extension does not send any data to external servers. It operates entirely locally within your browser session, accessing only the clipboard and page content via injected scripts.
Technical Details
Code Findings
The extension's code is injected into every website you visit ('<all_urls>'). While this is necessary for it to work everywhere, it means the extension has access to the content of any page you open.
Technical: Manifest V3 'matches' array includes '<all_urls>'. Content scripts are executed in the context of every navigable URL. This increases the attack surface if the extension code were to be compromised or contain a vulnerability, as it could theoretically read data from any site.
💡 Universal injection is required for features like 'Copy Selected Text' and 'Resize Images' to function regardless of the current website.
The extension does not enforce a strict security policy on its own code. If someone were to trick you into loading malicious code, it might be able to run more freely than intended.
Technical: Manifest V3 'content_security_policy' field is absent or set to default (default-src *). This allows scripts from any origin to execute within the extension's context if injected via XSS on a host page. A strict CSP would restrict script execution to only the extension's own files.
💡 Developers often omit CSPs during early development or for small utilities where the risk of self-injection is low, assuming the user trusts the source.
This permission gives the extension access to whatever you have copied. If this extension were hacked, an attacker could potentially read your passwords or private messages if they happen to be on your clipboard.
Technical: The 'clipboardRead' permission is flagged as HIGH risk because it bypasses the browser's sandbox for clipboard data. An exploit in the content script could exfiltrate clipboard contents to a remote server (if network permissions were also granted) or log them locally.
💡 Essential for the 'Copy Selected Text' feature described in the developer documentation.
Handy Mouse Pack appears to be a legitimate utility tool with permissions strictly aligned to its stated functionality of automating mouse gestures. However, it carries inherent risks typical of 'all-urls' extensions: it has broad access to page content and lacks a Content Security Policy. While the clipboard permissions are necessary for its core features, users should exercise caution if they frequently copy sensitive data (like passwords) to their system clipboard while this extension is active, as the extension holds read access to that buffer.
