ClawHub

Chrome Extension

v1.0.0

Guide and reference for building, debugging, and publishing Chrome extensions with Manifest V3, covering APIs, messaging, content scripts, UI, storage, CSP,...

0· 88·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match the included reference files (manifest, service worker, content scripts, messaging, publishing). The SKILL.md metadata says the skill requires git, node, and npm (reasonable for extension development), but the registry summary at the top lists no required binaries — this is a minor inconsistency in metadata that should be corrected. No unrelated credentials or unusual system access are requested.
Instruction Scope
The SKILL.md and references stay within extension-development scope and provide concrete code patterns for injection, messaging, and publishing. However the docs explicitly cover patterns that relax or bypass page security (relay pattern to circumvent page CSP, and examples using declarativeNetRequest to remove CSP headers). Those techniques are legitimate for some extension features but are powerful and can be abused if misapplied; callers should be careful when implementing them and follow least-privilege and allowlist practices shown in the references.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute — lowest-risk installation model. The SKILL.md suggests the developer tooling (git/node/npm) are needed to follow examples, which is normal for this domain.
Credentials
No environment variables, credentials, or config paths are requested. The content describes host_permissions and manifest permissions that are normal for Chrome extensions; nothing asks for unrelated secrets or system-wide credentials.
Persistence & Privilege
Skill is not forced-always, is user-invocable, and does not request persistent or elevated platform privileges. As an instruction-only skill it does not modify other skills or system-wide configuration.
Assessment
This skill is a documentation/reference pack for building Chrome extensions and appears consistent with that purpose. Before installing or following its code: (1) confirm the skill source (the SKILL.md lists a GitHub homepage but the registry shows source unknown); (2) be cautious when implementing patterns that bypass CSP or remove CSP headers—use allowlists and minimal host_permissions only; (3) prefer local testing and review any code you copy (especially background/service-worker code that performs network fetches or modifies declarativeNetRequest rules); (4) note the small metadata mismatch (SKILL.md says git/node/npm required but registry metadata lists none) — the mismatch isn’t dangerous but you may need those tools to use the examples.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jtwzhpv6jtbeh5wm4d7xeh83mc86

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments