How can I be sure that Sporran isn’t abusing my clipboard data?
The risk that apps on your computer could abuse your clipboard data is a known security issue generally and is the reason that many password managers offer auto-fill for sensitive data (recommended). An additional common security risk is that with the proliferation of keylogger malware, one cannot be sure that even passwords typed via the keyboard are safe. (Another reason to use auto-fill.)
With Sporran, you have a mighty ally on your side: your browser. Browser makers recognize the existence of this security problem and usually only allow access to the clipboard in response to user action. If you haven’t recently clicked anything on a website or in an extension, the browser generally prevents that website or extension from reading your clipboard. Chrome also has a configuration option to only activate an extension after you click its icon.
Additionally, the open-source code of Sporran allows anyone with knowledge of software development to take a look at the code and see that Sporran does not abuse its permissions.