Chrome Extension
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only Chrome extension development guide, but it covers powerful browser-extension capabilities that users should scope carefully.
This skill appears safe as an instruction-only Chrome extension guide. Before installing or using it, be aware that it may help generate extensions with powerful browser capabilities; review requested Chrome permissions, keep host access narrow, and approve npm/git/gh commands only when they match your intended task.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses these tools, it may change project files, run package scripts, or interact with GitHub through an existing login.
The skill can edit files and run git, npm, and GitHub CLI commands. This is expected for a development assistant, but these commands can mutate local projects or authenticated GitHub state.
allowed-tools: Read Edit Write Glob Grep Bash(git:*) Bash(gh:*) Bash(npm:*) AskUserQuestion
Review proposed npm, git, and gh commands before approving them, especially commands that publish, push, install, or modify repositories.
Generated extension code could bypass website CSP restrictions or make privileged network requests if implemented too broadly.
The documentation teaches extension patterns for bypassing page CSP via a service worker relay. It also includes allowlist and sender-validation guidance, so this is purpose-aligned but security-sensitive.
The relay pattern (CSP bypass) ... Content script sends a request to the service worker, which performs the fetch and returns the result.
Use narrow host permissions, validate message senders and URLs, and avoid generic fetch relays that accept arbitrary destinations.
If copied into an extension without pruning, the extension may request access to sensitive browser/account data or many websites.
The reference lists sensitive Chrome extension permissions, including OAuth identity, cookies, tab metadata, and broad optional host access. These are examples, not hidden skill requirements.
"identity", // chrome.identity (OAuth)
"cookies", // chrome.cookies
"tabs", // chrome.tabs ...
"optional_host_permissions": ["https://*/*"]
Only include permissions needed for the specific extension feature, prefer activeTab or optional permissions, and avoid broad all-site access unless clearly necessary.
An extension built from these patterns could keep injecting scripts on matching sites across browser restarts.
The docs explain how to register persistent dynamic content scripts. This is a normal Chrome extension feature, but persistence should be deliberate and removable.
Dynamic content scripts persist across browser restarts ... persistAcrossSessions: true
Scope matches narrowly, document persistence to users, and include cleanup or unregister paths for dynamic content scripts.
