browser-extension-dev_skill

This skill guides browser extension development with Manifest V3, minimal permissions, and cross-browser strategies to simplify secure, interoperable
  • Python

4

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill phrazzld/claude-config --skill browser-extension-dev

  • SKILL.md2.9 KB

Overview

This skill guides browser extension development with a focus on Manifest V3, minimal permissions, secure messaging, and cross-browser compatibility. It helps you design extensions for Chrome, Firefox, Safari, and Edge while avoiding common security and privacy pitfalls. Use it to plan manifests, permission requests, content/background scripts, and update strategies.

How this skill works

I inspect your extension design and recommend a Manifest V3 structure, permission scopes, and content/background script patterns that reduce risk. I validate message-passing boundaries, suggest feature-detection or polyfills for cross-browser APIs, and propose an update and versioning plan that preserves user data. Recommendations are concrete: manifest snippets, permission rationale, message validation examples, and rollout practices.

When to use it

  • Starting a new extension project (Manifest V3 required).
  • Requesting or narrowing permissions in your manifest.
  • Implementing content scripts, service workers, or message passing.
  • Ensuring compatibility across Chrome, Firefox, Safari, and Edge.
  • Planning release, changelog, or staged rollouts with preserved user data.

Best practices

  • Request the minimal permissions and justify each entry; avoid <all_urls> unless documented.
  • Use Manifest V3 service worker background scripts and content-security-policy for extension pages.
  • Validate all incoming messages and sender metadata before processing.
  • Use webextension-polyfill or feature detection to normalize cross-browser APIs.
  • Use optional permissions for non-core features and ask at runtime when needed.
  • Follow semantic versioning, show changelogs in-extension, and warn users of permission changes.

Example use cases

  • Create a Chrome/Firefox extension that injects content scripts only on allowed host patterns.
  • Design a background service worker that fetches from a specific API using host_permissions.
  • Add an opt-in feature that requests optional origins at runtime with chrome.permissions.request.
  • Migrate an existing Manifest V2 extension to Manifest V3 with cross-browser fallbacks.
  • Plan a staged rollout and changelog that preserves storage and highlights permission changes.

FAQ

Yes for new extensions: develop with Manifest V3 and avoid Manifest V2 for new projects.

When is <all_urls> acceptable?

Only with a clear, documented user benefit and explicit justification; prefer scoped host_permissions instead.

How do I support both Chrome and Safari?

Use webextension-polyfill, feature detection, and test on each browser; implement fallbacks for missing APIs.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational