Skills
.Work. You
Rest

security-best-practices

Community

Secure Chrome extensions with best practices.

Software Engineering#security#XSS#CSP#permissions#best-practices#chrome-extension#secure-messaging
Authorfrancanete
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Chrome extensions often suffer from permission bloat, insecure messaging, and vulnerable DOM interactions that expose users to data leakage and attacks. This Skill provides structured guidance to tighten security without sacrificing functionality.

Core Features & Use Cases

  • Principle of least privilege: minimize permissions and host_permissions to the narrowest scope.
  • Content Security Policy (CSP): configure MV3 CSP to block unsafe scripts and inline code.
  • XSS prevention: safe DOM manipulation, proper sanitization, and safe URL handling.
  • Secure messaging: validate message sources and content, and tightly scope externally connectable recipients.
  • Secure storage and data protection: encrypt sensitive data and avoid storing secrets client-side.
  • Debug and auditing workflows: run security checks during CI and perform regular reviews.

Quick Start

Audit the extension manifest to minimize permissions and configure a strict CSP; implement safe DOM handling, and secure messaging.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-best-practices
Download link: https://github.com/francanete/fran-marketplace/archive/main.zip#security-best-practices

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.