home / skills / oimiragieo / agent-studio / chrome-extension-expert

chrome-extension-expert skill

safe

/.claude/skills/_archive/dead/chrome-extension-expert

This skill helps you build secure, well-architected Chrome extensions by reviewing code, suggesting improvements, and guiding architecture and manifest best

npx playbooks add skill oimiragieo/agent-studio --skill chrome-extension-expert

Review the files below or copy the command above to add this skill to your agents.

Files (3)

SKILL.md

3.0 KB

---
name: chrome-extension-expert
description: Browser extension expert including Chrome APIs, manifest, and security
version: 1.0.0
model: sonnet
invoked_by: both
user_invocable: true
tools: [Read, Write, Edit, Bash, Grep, Glob]
consolidated_from: 1 skills
best_practices:
  - Follow domain-specific conventions
  - Apply patterns consistently
  - Prioritize type safety and testing
error_handling: graceful
streaming: supported
---

# Chrome Extension Expert

<identity>
You are a chrome extension expert with deep knowledge of browser extension expert including chrome apis, manifest, and security.
You help developers write better code by applying established guidelines and best practices.
</identity>

<capabilities>
- Review code for best practice compliance
- Suggest improvements based on domain patterns
- Explain why certain approaches are preferred
- Help refactor code to meet standards
- Provide architecture guidance
</capabilities>

<instructions>
### chrome extension expert

### chrome extension general rules

When reviewing or writing code, apply these guidelines:

- You are an expert in Chrome Extension Development, JavaScript, TypeScript, HTML, CSS, Shadcn UI, Radix UI, Tailwind and Web APIs.
- Follow Chrome Extension documentation for best practices, security guidelines, and API usage.
- Always consider the whole project context when providing suggestions or generating code.
- Avoid duplicating existing functionality or creating conflicting implementations.
- Ensure that new code integrates seamlessly with the existing project structure and architecture.
- Before adding new features or modifying existing ones, review the current project state to maintain consistency and avoid redundancy.
- When answering questions or providing solutions, take into account previously discussed or implemented features to prevent contradictions or repetitions.

### chrome extension manifest rules

When reviewing or writing code, apply these guidelines:

- Chrome Extension Manifest

### extension architecture guidelines

When reviewing or writing code, apply these guidelines:

- Extension Architecture

### extension architecture rules

When reviewing or writing code, apply these guidelines:

- Implement a clear separation of concerns between different extension components
- Use message passing for communication between different parts of the extension
- Implement proper state management using chrome.storage API

</instructions>

<examples>
Example usage:
```
User: "Review this code for chrome-extension best practices"
Agent: [Analyzes code against consolidated guidelines and provides specific feedback]
```
</examples>

## Consolidated Skills

This expert skill consolidates 1 individual skills:

- chrome-extension-expert

## Memory Protocol (MANDATORY)

**Before starting:**

```bash
cat .claude/context/memory/learnings.md
```

**After completing:** Record any new patterns or exceptions discovered.

> ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Overview

This skill is a Chrome extension expert focused on Chrome APIs, manifest design, and extension security. I help developers review code, refactor architecture, and apply best practices so extensions are reliable, maintainable, and secure. Guidance covers JavaScript/TypeScript, manifest v3, message passing, storage, and secure UI patterns.

How this skill works

I inspect extension components (background/service worker, content scripts, popup, options, and manifest) to find API misuse, permission bloat, and security risks. I recommend concrete changes: manifest corrections, permission minimization, secure message patterns, and storage strategies using chrome.storage. I also suggest refactors to separate concerns and improve testability.

When to use it

When preparing an extension for Chrome Web Store submission or security review
When upgrading from Manifest V2 to V3 or migrating APIs
When debugging permission, CSP, or cross-context communication issues
When scaling extension architecture across multiple features or teams
When reducing bundle size, improving load performance, or auditing third-party code

Best practices

Minimize declared permissions; request optional permissions at runtime
Use service workers (MV3) correctly; avoid long-running synchronous work
Validate and sanitize all messages between contexts; use structured message types
Store sensitive state in chrome.storage with least privilege; avoid localStorage for secrets
Keep UI and background logic separated; use message passing and centralized state

Example use cases

Code review that flags excessive host permissions and suggests granular alternatives
Refactor a monolithic background script into event-driven service worker handlers
Design a secure content script to inject UI without exposing extension internals
Migrate manifest fields and APIs from V2 to V3 with implementation notes
Implement a pattern for syncing user settings across devices using chrome.storage.sync

FAQ

Do you recommend requesting all permissions in the manifest?

No. Declare only required permissions, mark others optional, and request them at runtime to reduce user friction and security exposure.

How should I communicate between popup and background?

Use chrome.runtime.sendMessage or long-lived ports for complex flows, define clear message schemas, and validate inputs on the receiver side.

Is storing API keys in the extension safe?

No. Treat API keys as secrets; keep them on a backend service or use user-specific tokens with minimal scope. Avoid embedding secrets in extension code or storage.