Browser Extension Skills for AI Coding Agents
Production-grade skill set for building, testing, analyzing, and publishing Chrome extensions with AI coding agents. Powered by Extension Booster.
Works with your favorite AI coding agent:
What Are AI Agent Skills?
AI Agent Skills are specialized instruction sets that turn AI coding agents into domain experts. Compatible with Claude Code, Cursor, Windsurf, GitHub Copilot, Cline, Aider, and more — skills give your AI agent deep knowledge of Chrome extension APIs, best practices, security patterns, and publishing workflows.
Each skill follows the progressive disclosure pattern: a concise SKILL.md is always loaded when the skill activates, while detailed reference files are loaded on-demand only when the agent needs deeper context. This keeps token usage efficient while providing comprehensive coverage.
How It Works
Install skills to your project or globally
Ask your AI agent to build your extension
Skills activate automatically based on your task
Why These Skills?
Chrome extension development is uniquely challenging: scattered documentation, confusing permission warnings, multi-context debugging, and opaque Chrome Web Store reviews. These skills turn your AI coding agent into an extension development expert that can:
Complete extension project in seconds
Features with proper API usage and framework detection
Optimized manifest.json with minimum permissions
Code for security vulnerabilities and CWS compliance
Across all extension contexts (SW, content, popup)
All required icons and store listing assets
To Chrome Web Store with CI/CD automation
Existing extensions from Manifest V2 to V3
Installation
Recommended: Using Skills CLI
Install all skills at once using the Skills CLI:
# Install all skills to your project
npx skills add quangpl/browser-extension-skills
# Install globally (available in all projects)
npx skills add quangpl/browser-extension-skills -g
# Install specific skills only
npx skills add quangpl/browser-extension-skills -s extension-create,extension-dev
# List available skills before installing
npx skills add quangpl/browser-extension-skills -lAlternative: Manual Installation
# Clone the repository
git clone https://github.com/quangpl/browser-extension-skills.git
# Copy all skills to your project
cp -r browser-extension-skills/skills/* .claude/skills/
# Or copy to global Claude Code skills
cp -r browser-extension-skills/skills/* ~/.claude/skills/Install Individual Skills
# Copy only the skills you need
cp -r browser-extension-skills/skills/extension-create .claude/skills/
cp -r browser-extension-skills/skills/extension-dev .claude/skills/Quick Start
Once installed, just describe what you want in natural language. Your AI agent automatically activates the right skill.
Create a New Extension
> Create a Chrome extension that highlights all links on a pageYour AI agent activates extension-create → scaffolds with WXT → sets up entrypoints → configures manifest.
Develop Features
> Add a popup that shows link count and lets users toggle highlightingYour AI agent activates extension-dev → detects WXT + React → implements popup with chrome.tabs API.
Generate Assets
> Generate all icons and store listing screenshots for my extensionYour AI agent activates extension-assets → creates icons (16/32/48/128px) → generates listing images.
Analyze & Publish
> Analyze my extension for security issues and publish to Chrome Web StoreYour AI agent activates extension-analyze + extension-publish → scans security → validates listing → submits.
Skills Overview
extension-create
Auto-scaffold Chrome extensions with WXT framework
Use when: Starting a new extension project extension-dev
Develop features with framework detection and Chrome API guidance
Use when: Building new features, debugging extension-manifest
Generate manifest.json with optimal permissions from code analysis
Use when: Setting up or updating manifest extension-analyze
Security audit, best practices, CWS compliance checking
Use when: Pre-submission review, code quality extension-test
Unit, integration, and E2E testing with Puppeteer
Use when: Writing and running tests extension-assets
Generate icons, screenshots, and store listing images
Use when: Preparing visual assets extension-publish
Chrome Web Store submission, listing optimization, CI/CD
Use when: Publishing and updates extension-migration
Migrate from Manifest V2 to V3 with step-by-step guidance
Use when: Upgrading legacy extensionsextension-create
Auto-scaffold a Chrome extension project using the WXT framework with samples from Chrome Extensions Samples.
Supported Frameworks
Scaffold Command
npx wxt@latest init my-extension --template react
cd my-extension
pnpm install
pnpm dev # Dev mode with hot reload
pnpm build # Production build
pnpm zip # Store-ready zipEntrypoints Reference
| Feature | File to Create |
|---|---|
| Popup | entrypoints/popup/index.html + main.tsx |
| Background | entrypoints/background.ts |
| Content Script | entrypoints/content.ts |
| Options Page | entrypoints/options/index.html + main.tsx |
| Side Panel | entrypoints/sidepanel/index.html + main.tsx |
Extension Type → Configuration
| Type | Entrypoints | Permissions |
|---|---|---|
| Popup tool | popup | activeTab |
| Page modifier | content, background | activeTab or host_permissions |
| Side panel | sidepanel, background | sidePanel, storage |
| Tab manager | popup, background | tabs, storage |
| Context menu | background | contextMenus, activeTab |
extension-dev
Detect your framework/stack, find proper documentation, implement features, and debug across all extension contexts.
Auto Framework Detection
| File Found | Framework |
|---|---|
wxt.config.ts | WXT |
package.json has plasmo | Plasmo |
vite.config has @crxjs | CRXJS |
manifest.json in root | Vanilla |
Chrome API Quick Reference (Top 20)
| API | Purpose | Permission |
|---|---|---|
chrome.tabs | Query, create, update tabs | tabs |
chrome.storage.local | Persist data locally | storage |
chrome.storage.sync | Sync data across devices | storage |
chrome.action | Toolbar icon, popup, badge | — |
chrome.contextMenus | Right-click menu items | contextMenus |
chrome.sidePanel | Side panel UI | sidePanel |
chrome.scripting | Inject scripts/CSS | scripting |
chrome.runtime | Messaging, lifecycle | — |
chrome.alarms | Schedule periodic tasks | alarms |
chrome.commands | Keyboard shortcuts | commands |
Message Passing Pattern
// Popup → Service Worker (one-time message)
const response = await chrome.runtime.sendMessage({ type: 'GET_DATA' });
// Service Worker listener
chrome.runtime.onMessage.addListener((msg, sender, reply) => {
if (msg.type === 'GET_DATA') { reply({ data: '...' }); return true; }
});
// Background → Content Script (tab-targeted)
chrome.tabs.sendMessage(tabId, { type: 'ACTION' });Debugging by Context
| Context | How to Inspect |
|---|---|
| Service worker | chrome://extensions → "inspect" link |
| Content script | Page DevTools → Console → select extension context |
| Popup | Right-click popup → Inspect |
| Options / Side panel | Open page → F12 |
extension-manifest
Generate the best manifest.json based on your code. Analyzes Chrome API usage and maps to minimum required permissions.
Manifest Template (MV3)
{
"manifest_version": 3,
"name": "Extension Name",
"version": "1.0.0",
"description": "Brief description. Max 132 chars for CWS.",
"icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" },
"action": { "default_popup": "popup.html" },
"permissions": [],
"host_permissions": [],
"background": { "service_worker": "background.js", "type": "module" }
}Common Mistakes
| Error | Fix |
|---|---|
| host_permissions inside permissions | Move URLs to separate host_permissions array |
| Using <all_urls> | Narrow to specific domain patterns |
| tabs permission overuse | Use activeTab instead |
| CSP as string | Must be object: { "extension_pages": "..." } |
| web_accessible_resources as string[] | Use object with resources + matches |
Key MV3 Rules
host_permissionsis separate frompermissions- Service workers replace background pages (no DOM, no
window) - Remote code execution banned (no eval, no CDN scripts)
- Use
chrome.scripting.executeScript()nottabs.executeScript()
extension-analyze
Audit extensions for security vulnerabilities, performance issues, and Chrome Web Store policy compliance.
What Gets Scanned
Top 10 Issues Found in Extensions
| # | Issue | Severity |
|---|---|---|
| 1 | innerHTML with page-sourced data (XSS) | High |
| 2 | onMessage without sender origin check | High |
| 3 | <all_urls> host permission when not needed | Medium |
| 4 | unsafe-inline or unsafe-eval in CSP | Critical |
| 5 | API keys hardcoded in source | Critical |
| 6 | eval() or new Function() usage | Critical |
| 7 | chrome.storage.sync storing sensitive data | Medium |
| 8 | HTTP endpoints instead of HTTPS | High |
| 9 | Remote script loading (MV3 violation) | Critical |
| 10 | Missing web_accessible_resources restrictions | Medium |
extension-test
Set up and run unit, integration, and E2E tests for Chrome extensions.
Testing Architecture
Unit Tests (Jest) → Test isolated logic, chrome.* API mocks
Integration Tests (Jest) → Test service interactions, message passing
E2E Tests (Puppeteer) → Test in real Chrome with extension loadedCritical: Extensions CANNOT run in headless mode. E2E requires headless: false.
Quick Setup
npm install -D jest @types/jest ts-jest jest-chrome
npm install -D @testing-library/react @testing-library/jest-dom jsdom # For React
npm install -D puppeteer # For E2EE2E: Launch Extension in Chrome
import puppeteer from 'puppeteer';
import path from 'path';
const browser = await puppeteer.launch({
headless: false, // extensions require non-headless
args: [
`--disable-extensions-except=${path.resolve('dist')}`,
`--load-extension=${path.resolve('dist')}`,
],
});extension-assets
Generate all required icons and Chrome Web Store listing assets.
Required Assets
Extension Icons
16x16Favicon, context menus32x32Windows taskbar48x48Extensions page128x128CWS store icon
CWS Listing
1280x800Screenshots (1-5, required)440x280Small promo tile920x680Large promo tile1400x560Marquee promo tile
Generation methods: ImageMagick CLI, Gemini API for AI-generated images, or prompt templates for manual generation with any image tool.
extension-publish
Chrome Web Store submission, listing optimization, and CI/CD automation.
Publishing Workflow
Top 10 Rejection Reasons
- Single purpose violation — does too many unrelated things
- Excessive/unnecessary permissions
- Missing privacy policy (required when user data collected)
- Missing permission justification in submission form
- Description doesn't match functionality
- Keyword spam in title/description
- Remote code execution (eval, external scripts)
- Improper user data handling or disclosure
- Extension non-functional or crashes
- Broken features / inaccessible links
Listing Optimization Tips
- Title: Action verb + Benefit, max 45 chars, no keyword stuffing
- Description: First 150 chars appear in search — make them count
- Screenshots: Annotate features, show real UI, 1280×800
- Category: Choose most specific fit
extension-migration
Step-by-step migration from Manifest V2 to V3. Reference: Official Migration Guide.
Key Breaking Changes
| Area | MV2 | MV3 |
|---|---|---|
| Background | background.scripts/page | background.service_worker |
| Browser action | browser_action / page_action | action |
| Network blocking | webRequest (blocking) | declarativeNetRequest |
| Script injection | tabs.executeScript(string) | scripting.executeScript({func}) |
| Remote code | CDN scripts allowed | Must bundle locally |
| CSP | String value | Object {extension_pages: "..."} |
| Host permissions | In permissions array | Separate host_permissions array |
API Migration Map
chrome.extension.getURL() → chrome.runtime.getURL()
chrome.tabs.executeScript() → chrome.scripting.executeScript()
chrome.tabs.insertCSS() → chrome.scripting.insertCSS()
chrome.browserAction.* → chrome.action.*
chrome.pageAction.* → chrome.action.*
webRequest (blocking) → declarativeNetRequest
localStorage → chrome.storage.local
XMLHttpRequest → fetch()
setInterval (background) → chrome.alarmsTips & Best Practices
Permission Optimization
- Prefer
activeTabover broadtabs+ host permissions - Use optional permissions for non-essential features
- Run
extension-analyzebefore every CWS submission
Performance
- Keep content scripts under 50KB (lazy-load heavy logic)
- Service workers should be event-driven (no polling)
- Use
chrome.storage.sessionfor temporary data
Security
- Validate all message senders (
sender.id === chrome.runtime.id) - Never use
innerHTMLwith untrusted data - No API keys in source code; use a proxy server
Publishing
- First 150 chars of description appear in search results
- Screenshots at 1280x800 showing features convert best
- Single-purpose policy: one clear function per extension
Skill Architecture
Each skill follows the progressive disclosure pattern for optimal token efficiency:
skills/
├── extension-create/
│ ├── SKILL.md # Quick reference (< 150 lines, always loaded)
│ └── references/ # Detailed docs (loaded on-demand)
│ ├── wxt-scaffold-guide.md
│ ├── wxt-entrypoints.md
│ ├── extension-templates.md
│ └── chrome-samples-reference.md
├── extension-dev/
├── extension-manifest/
├── extension-analyze/
├── extension-test/
├── extension-assets/
├── extension-publish/
└── extension-migration/- SKILL.md — Always loaded when skill activates. Concise, actionable, < 150 lines.
- references/ — Loaded only when Claude needs deeper context. < 150 lines each.
Requirements
| Requirement | Details |
|---|---|
| AI Coding Agent | Claude Code, Cursor, Windsurf, GitHub Copilot, Cline, Aider, or similar |
| Node.js | v18+ recommended |
| npm / pnpm / yarn / bun | Any package manager |
| Chrome | For testing and debugging |
| Gemini API Key | Optional, for AI-generated assets |
Resources
Start Building Extensions with AI
Install these skills and let your AI coding agent handle the complexity of Chrome extension development.