Web Extension Permissions
Unfortunately there's no way to get any fewer permissions, and the warnings are present for any extension which injects a script into a page, which is necessary for the extension to be able to show you when you which card to use or when you have an offer on a site, but *no* data about your browser history is ever sent to CardPointers or any third party (you can see this for yourself if you open the Console, Network tab, and you'll see all processing is done in-browser; the extension only communicates with my API server to get an updated list of merchant websites once per day or when you manually refresh the extension).
CardPointers is extremely privacy and security-focused, which is why great lengths were taken to build this extension instead of collecting user bank credentials so that there is no risk of your accounts getting locked or putting your data or credentials at risk.