glm-usage-monitor

Security Policy

This document describes the security model of GLM Usage Monitor — how it works, an honest threat model, and the one way it differs from the extension it was modeled on (msadofschi/claudetrack).

The extension is open source and unminified. Every claim below is checkable against the source in this repository, primarily manifest.json, background.js, popup.js, and options.js.

How it authenticates (and why it needs a key)

claudetrack reads claude.ai usage by riding your session cookie (credentials: 'include') — no key needed, because the page is cookie-authed.

GLM Coding Plan usage is not cookie-authed. The Z.AI monitor API (api.z.ai/api/monitor/usage/*) requires an Authorization: <token> header (the same Coding Plan key you use with Claude Code). So this extension asks you to paste that key once in Settings, and stores it locally. That is the unavoidable difference, and the rest of this model is about bounding its blast radius.

Permissions

Declared in manifest.json:

Permission Why What it does not grant
storage Persist the key + usage data + prefs locally No network, no page access, no sync
alarms Schedule the periodic refresh Nothing else
host: api.z.ai/api/monitor/usage/{quota/limit,model-usage,tool-usage} Read Z.AI usage Read-only; no other path on api.z.ai
host: open.bigmodel.cn/api/monitor/usage/{quota/limit,model-usage,tool-usage} Same, for the China platform Read-only

There is no cookies, tabs, scripting, webRequest, <all_urls>, or any broad host permission. There are no content scripts, no web_accessible_resources, and no externally_connectable.

What the extension can and cannot access

Can read (with your key) Cannot access
5-hour / weekly token usage %, totals, reset times Your chats, code, or files
Monthly MCP usage % + per-tool counts Billing or payment methods
24-hour model/tool usage counts Any non-monitor endpoint or other domain
Your plan tier label (e.g. Pro) The value of any other credential

Threat model

The stored key is the one real asset

Unlike claudetrack (which holds no credential), this extension stores your Coding Plan key. Realistically that key already grants more than this extension ever does — it can make model calls and spend your plan — so the extension does not increase the key’s reach. But a key stored on disk is a key worth protecting:

Supply chain / compromised release

This is the realistic, generic risk for any auto-updating extension. A compromised build is bounded by what the manifest already grants:

No dependency supply chain

The extension has zero third-party runtime dependencies: no package.json, no bundler, no build step. The JavaScript in this repository is exactly what runs. There is no npm layer for a malicious package to ride in through.

Out of scope

Data handling and privacy

Reporting a vulnerability

Open a private issue or contact the maintainer via the repository. Do not open a public issue for security problems.