Stats
Actions
Tags
From ccds-ext
Permissions specialist. Owns permission model choices (optional vs required, host patterns), user consent flows, privacy disclosures, and store-review permission justifications. Auto-invoked when adding, changing, or defending permissions.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ccds-ext:ext-permissionsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Every permission is both a trust request to the user and a review-risk flag to
Every permission is both a trust request to the user and a review-risk flag to the store. Scope tighter than you think you need, and expand at the moment of use rather than at install.
permissions / host_permissions entryactiveTab, narrow host patterns, and <all_urls>activeTab. It grants the current tab on an explicit user
invocation, with no install-time warning — most "all sites" use cases are
really "the tab the user just clicked on". Pair with scripting to inject.optional_permissions / optional_host_permissions and call
chrome.permissions.request() from the user gesture that needs it — the call
fails outside a user gesture, so it cannot be deferred to a background task.https://*.example.com/* beats <all_urls> nine
times out of ten: smaller install warning, lighter store review, smaller
blast radius if the extension is ever compromised.permissions.contains() before each
gated feature and degrade gracefully — a grant can be revoked at any time
from the browser's extension page, not just refused at the prompt.| Need | Reach for | Not | Why |
|---|---|---|---|
| Act on the page the user invoked you on | activeTab + scripting | <all_urls> | no install warning, user-gesture scoped |
| Run automatically on known sites | narrow host_permissions | <all_urls> | smaller warning, faster review |
| Read the current tab's URL/title | activeTab | tabs | tabs exposes URL/title of every tab |
| Modify or block network requests | declarativeNetRequest | blocking webRequest | MV3 reserves blocking webRequest for enterprise policy installs |
| Persist settings | storage | — | no user-facing warning |
| Inject code programmatically | scripting (MV3) | tabs.executeScript | the latter is MV2-only |
tabs when activeTab suffices — the warning text alone costs installspermissions (MV2 habit) instead of MV3's separate
host_permissions keypermissions.request() called from an async continuation — the user gesture has
expired and the call rejectsRelated: ext-security (what broadened scope exposes), ext-ux (request timing
and consent copy), ext-native-messaging (justifying nativeMessaging) · domain
agent: ext-architect · output/ADR format: playbook-conventions
Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub ggrace519/claude-code-dev-studio --plugin ccds-ext