Return to site

Tampermonkey is not safe reddit

broken image
broken image

Userscript managers aim to keep the userscripts safe as possible by limiting the stuff they can do. You can be quite certain it's not malicious. Tampermonkey is the most popular userscript manager and open source. Unless you allowed GreaseMonkey or other userscript manager access to your local files, which is almost impossible to do on accident, it can't access your KeePassXC vault.Īlso, what about the Tampermonkey extension itself? Does it inherently have any risks/malicious activities? Basically, everything a regular site can do, a userscript can as well. It can also listen to your inputs like what you're typing or what you copied/pasted on the site. A malicious userscript can steal your cookies and other identifiers on a site. Userscripts shouldn't be able to get your clipboard without a prompt, they can only set it.

broken image