According to the latest numbers on the Chrome Web Store, Awesome Screenshot has 1,300,282 users. That is huge. Very huge, and very tempting.
I am no security expert, so I will borrow the words of Miguel Jacq, a Linux administrator who has an interesting story to tell about this extension and a related bot, “niki-bot”. He started seeing this new bot trying to access some pages that a regular crawler may not get access to: pages that require authentication to access, or even to know that they exist. Somehow, niki-bot seems to know about these URLs.
Unless someone tracks your browsing activity from the browser, and stores it somewhere etc.
The tracking and transmission of your browsing history is happening automatically, silently, with no proper explanation in the extension’s details on the Chrome App Store. The potentially sensitive URLs are sent over plaintext HTTP in easily base64-decryptable form, and through the use of some ‘niki-bot’ crawler (which is apparently so malicious its User-Agent requires obfuscation with no reference to SimilarWeb, Awesome Screenshot, or any other explanation for its use – nor does it bother to respect robots.txt), seems to intend to make further reconnaissance against these URLs at a later date. I see little difference between a client-side attack and this ‘service’, except that it can be argued that the end user willingly (but maybe unwittingly) entered into the agreement.
I think that’s enough information for you to review your extension and decide for yourself what to do. If you are looking for more detailed information and the complete story, read it here.
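A defender's check for the leak described in the quoted passage, as an added example that is not from the original post or from Miguel Jacq's write-up: it scans outbound request URLs, as a forward proxy would log them, for parameters that base64-decode to a URL and records whether they travelled over plaintext HTTP. The hosts, parameter names and sample lines are constructed placeholders, not the extension's real endpoints.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of outbound request URLs as a forward proxy might log them.
# Hosts and parameter names are placeholders, not real endpoints.
SAMPLE_REQUESTS = [
    "http://collector.example/track?s=1&q="
    + base64.urlsafe_b64encode(b"https://intranet.example/admin/report?id=7").decode(),
    "https://cdn.example/lib.js?v=3",
    "http://images.example/thumb?data=aGVsbG8gd29ybGQ=",  # base64, but not a URL
]

def decode_b64(value):
    """Return decoded text if value is valid base64 (standard or URL-safe), else None."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space; undo that
    if len(value) < 16:              # too short to carry a URL, skip noise
        return None
    padded = value + "=" * (-len(value) % 4)
    for alt in (None, b"-_"):
        try:
            return base64.b64decode(padded, altchars=alt, validate=True).decode("utf-8")
        except (binascii.Error, ValueError):
            continue
    return None

def find_leaked_urls(request_urls):
    """Flag requests whose query parameters base64-decode to an http(s) URL."""
    findings = []
    for url in request_urls:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = decode_b64(value)
            if decoded and decoded.startswith(("http://", "https://")):
                findings.append({
                    "dest": parts.hostname,            # where the URL was sent
                    "param": name,                     # which parameter carried it
                    "leaked_url": decoded,             # the browsing URL that leaked
                    "plaintext": parts.scheme == "http",  # readable by anyone on path
                })
    return findings

if __name__ == "__main__":
    for f in find_leaked_urls(SAMPLE_REQUESTS):
        print(f)
```

Run against real proxy logs, a hit that repeats to the same destination across many unrelated sites is the pattern worth tracing back to an extension.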