Skills
skills/paulirish/dotfiles/Hot Reloading for Chrome Extensions/Gen Agent Trust Hub

Hot Reloading for Chrome Extensions

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): The client-side script (hot-reload-client.js) only performs extension reloads and tab refreshes when triggered by a local message, which is expected behavior for a development tool.
  • SAFE (SAFE): Communication is restricted to localhost:50523, ensuring no data is sent to external or untrusted servers.
  • SAFE (SAFE): The requested permissions (management, tabs) are consistent with the skill's purpose of detecting development mode and refreshing extension pages.
  • SAFE (SAFE): The Claude settings file (.claude/settings.local.json) correctly restricts WebFetch to the trusted code.claude.com domain.
  • [Information]: The server-side script hot-reload-server.mjs mentioned in the instructions was not provided in the analyzed files. However, the architectural description of using native fs.watch for a local development server is a standard and safe practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:14 PM