FAQUpdated 2026-05-13·1 min read

Why does Clipus need these permissions?

A line-by-line explanation of every Chrome permission Clipus requests, and what it cannot do with them.

Clipus asks for the permissions needed to turn a user-selected SaaS page into a campaign video. The full manifest is below.

The full permission set

  • activeTabCapture selected evidence from the current tab after you start the Workbench campaign flow.
  • storageStore Clipus sign-in state, tokens, Workbench session state, and limited local extension state.
  • offscreenRun locally bundled image and text processing without opening a visible tab or window.
  • scriptingRun locally bundled content scripts on the active tab during user-initiated Workbench flows.
  • sidePanelShow the Clipus Workbench after you click the toolbar icon.

Host permission: https://*/* — used for user-started Workbench capture and limited signed-in intelligence snapshots on SaaS pages.

What we deliberately do not ask for

  • tabs — would let us enumerate open tabs. We only use active-tab access for the current page.
  • cookies — would let us read your sessions. We do not.
  • webRequest — would let us intercept network calls. We do not.
  • bookmarks, history, downloads — none of these are useful for our job.

Remote code

Clipus does not load or execute remote code. Extension scripts, content scripts, WebAssembly assets, and ONNX model files are bundled inside the extension package at build time. Sending confirmed campaign evidence to clipus.io for processing is not remote code execution.

Still need help? Contact us.
Was this helpful?