πŸ“¦

Loom %E2%80%93 Screen Recorder Sc

πŸ” Security Report Available
πŸ‘₯ 8M+ users
πŸ“¦ v5.5.167
πŸ’Ύ 23.16MiB
πŸ“… 2026-02-15
βž• Add to Chrome

Lets you record your screen and camera with one click, sharing the content in an instant with a link, making it easy for anyone to capture and share high-quality video recordings. Suitable for individuals who frequently need to create tutorial videos, demonstrate software, or share their screen with others. Ideal for users who value simplicity and speed when recording and sharing screen content.

Overview

Record your screen and camera with one click. Share that content in an instant with a link.

Tags

Productivity/communication screenshot productivity/communication

Privacy Practices

βœ… Does not sell your data to third parties
βœ… Does not use data for unrelated purposes

Security Analysis

Analyzed v5.5.169 Β· Feb 21, 2026 Β· 546 JS files Β· 61491 KB scanned

Permissions

activeTab alarms contextMenus cookies desktopCapture scripting storage system.cpu system.display tabCapture webNavigation webRequest

Code Patterns Detected

eval() used β€” can execute arbitrary code Makes HTTP requests Listens to keyboard events Potential data exfiltration pattern

External Connections

www.w3.org github.com s3.amazonaws.com cdn.loom.com www.loom.com support.loom.com stage.loom.com reactjs.org api.segment.io dashif.org loom.com bit.ly +8 more

What This Extension Does

The Loom – Screen Recorder Sc extension allows users to record their screen and camera with one click, sharing the content instantly via a link. It appears to be designed for productivity and communication purposes.

Permissions Explained

  • activeTab: Allows the extension to access the currently active tab in the browser.
- Standard for extensions that interact with web pages.
  • alarms: Enables the extension to schedule alarms or notifications.
- Unusual for a screen recording extension, but could be used for reminders or notifications related to recordings.
  • contextMenus: Allows the extension to add custom context menus to the browser.
- Unusual; typically used by extensions that need to provide actions on specific web page elements.
  • cookies: Grants access to cookies stored in the browser.
- Standard for many extensions, especially those interacting with websites or providing services related to browsing history.
  • desktopCapture: Enables the extension to capture the user's desktop screen.
- Expected for a screen recording extension.
  • scripting: Allows the extension to execute scripts on web pages.
- Unusual; typically used by extensions that need to manipulate web page content programmatically, which is not directly related to screen recording.
  • storage: Enables the extension to store data locally in the browser.
- Standard for many extensions, especially those providing services that require storing user preferences or settings.
  • system.cpu, system.display: Allows the extension to access system-level information about CPU and display capabilities.
- Unusual; typically used by extensions that need detailed system information for performance optimization or other advanced features not directly related to screen recording.
  • tabCapture: Enables the extension to capture screenshots of web pages.
- Expected for a screen recording extension.
  • webNavigation, webRequest: Allows the extension to intercept and modify HTTP requests made by the browser.
- Unusual; typically used by extensions that need to monitor or manipulate network traffic, which is not directly related to screen recording.
  • <all_urls>: Grants access to all URLs visited in the browser.
- High-risk permission due to its broad scope. Expected for a screen recording extension that needs to capture content from any web page.
  • *://.loom.com/: Allows the extension to communicate with Loom's servers.
- Expected for an extension that records and shares content, as it would need to upload recordings.

What We Found in the Code

  • [high] eval() used β€” can execute arbitrary code: This is a high-risk flag because eval() can execute any JavaScript code provided to it. However, without more context, it's difficult to say if this is being used maliciously or for legitimate purposes (e.g., dynamically loading scripts based on user input). Given the extension's purpose and permissions, it seems likely that this could be used for legitimate reasons.
  • [info] Makes HTTP requests: This is a normal pattern in web development. Extensions often need to make API calls to their servers for various operations, including uploading recorded content.
  • [high] Listens to keyboard events: This can be a high-risk flag if the extension listens to keyboard events on pages outside its UI or uses this information maliciously. However, given the extension's purpose and permissions, it seems likely that this is used for legitimate purposes such as shortcuts within the extension's UI.
  • [medium] Potential data exfiltration pattern: This flag suggests a potential issue with how the extension handles data. Without more context, it's hard to say if this is a genuine concern or just a false positive.

External Connections

The extension communicates with various domains including:
  • www.w3.org (expected for web development standards)
  • github.com, gitlab.com (expected for version control and collaboration tools)
  • cdn.loom.com, www.loom.com, support.loom.com, stage.loom.com (expected for the extension's functionality, including uploading recordings)
  • Other domains like api.segment.io and dashif.org are less clear without more context but could be related to analytics or other services used by the extension.

Things to Consider

Given the extension's purpose and permissions, it seems that most of its capabilities are aligned with what is expected for a screen recording and sharing tool. The high-risk permissions like <all_urls> and the use of eval() are concerning but could be justified if they're used for legitimate purposes within the context of the extension's functionality. Users should consider whether an extension with such broad access to their browsing data is necessary for its claimed purpose.
πŸ“¦
Elevate your writing with QuillBot's AI-powered productivity tools: Grammar Checker, Paraphrasing Tool, AI writer, and m…
Productivity/communication AI
πŸ“¦
Free, unlimited email tracker for Gmail, trusted by millions. Accurate, reliable, GDPR-compliant, and Google-audited.
Productivity/communication
πŸ“¦

Hubspot Sales

1M+ users
Email tracking, CRM for Gmail, and sales productivity tools in your inbox
Productivity/communication
πŸ“¦
IntΓ©grez Antidote Γ  votre navigateur pour corriger vos textes en temps rΓ©el et consulter ses dictionnaires et guides lin…
Productivity/communication