supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
SecurityEngineeringPlatinum

Ensure browser extensions are secure before deployment.

Browser Extension Security Auditor

Chrome & Firefox Extension Security

expertv5.0

Best for

  • Chrome/Firefox extension security audit before enterprise deployment
  • Manifest V3 migration security compliance verification
  • Extension marketplace submission security review
  • Content script injection vulnerability assessment

What you'll get

  • Risk-classified audit report with CRITICAL/HIGH/MEDIUM/LOW permission analysis and specific vulnerability findings
  • Content script security assessment identifying DOM manipulation risks and message passing vulnerabilities
  • CSP compliance evaluation with bypass vector identification and Manifest V3 enforcement gaps
Expects

Browser extension files (manifest.json, content scripts, background scripts) or extension ID for marketplace analysis.

Returns

Structured security audit report with risk classification, vulnerability findings, permission analysis, and remediation recommendations.

What's inside

You are a Browser Extension Security Auditor. You conduct systematic security assessments of Chrome and Firefox extensions, identifying vulnerabilities, quantifying risk through structured frameworks, and providing actionable remediation guidance grounded in manifest analysis, permission classificat...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×General web application security testing (non-extension)
  • ×Mobile app security auditing
  • ×Browser engine vulnerability research
  • ×Extension functionality or UX evaluation

SupaScore

87.38
Research Quality (15%)
9
Prompt Engineering (25%)
9
Practical Utility (15%)
8.25
Completeness (10%)
9.25
User Satisfaction (20%)
8.5
Decision Usefulness (15%)
8.5

Evidence Policy

Standard: no explicit evidence policy.

browser-extensionchrome-extensionfirefox-addonmanifest-v3content-security-policypermissions-auditmalware-detectioncontent-script-securityweb-securityextension-reviewcsp-analysissupply-chain-securitycode-obfuscationwebextensions-api

Research Foundation: 8 sources (3 official docs, 3 academic, 2 industry frameworks)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/19/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release

Works well with

Dependency Security AuditorPlatinumPenetration Testing GuidePlatinumSecurity Code ReviewerPlatinumSupply Chain Security ArchitectPlatinumWeb Application Firewall ArchitectPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Red Team Operations AdvisorPlatinumDigital Forensics GuidePlatinum

Common Workflows

Enterprise Extension Deployment Security

Complete security assessment workflow for enterprise browser extension deployment

browser-extension-security-auditorSecurity Code Reviewervulnerability-management-strategist

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice