this extension runs on claude.ai, a surface that handles potentially sensitive conversations. the security model matters.
- reads visible message text from the claude.ai DOM
- runs that text through a vendored js-tiktoken (cl100k_base) tokenizer locally
- displays a token estimate in a fixed-position pill
- persists settings to `chrome.storage.local`: `enabled`, `overheadsettings`, calibration state
- if calibration is opt-in enabled: sends visible conversation text to `https://api.anthropic.com/v1/messages/count_tokens` using the api key you supplied, to compute a correction factor. no other endpoints are contacted.
it does not:
- send data over the network to any service other than `api.anthropic.com` (and only when calibration is on)
- store, log, or transmit conversation content beyond the calibration call described above
- request permissions beyond `storage`, the `claude.ai` host, and the optional `api.anthropic.com` host (requested only when calibration is enabled)
- inject remote scripts, use `eval`, or use `unsafe-inline`
- run on any domain other than `https://claude.ai/*`
- store or transmit your api key anywhere besides `chrome.storage.local` and the anthropic api call
if you find a security issue, please do not open a public github issue.
instead, dm @25thprmr on x with:
- a description of the issue
- steps to reproduce
- the affected version
- any suggested fix
you should expect an initial response within 48 hours. confirmed issues will be patched and disclosed via a github security advisory.
only the latest minor release on main receives security fixes.
extension bundles are not yet signed. install only from this repo or from the chrome web store listing (once published).
before loading the unpacked extension, you can verify the manifest with:
```sh
cat manifest.json | grep -E '"permissions"|"host_permissions"|"optional_host_permissions"|"content_security_policy"'
```

expected output should match exactly the values in main.
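as an added check (not code from this repo), the script below parses `manifest.json` and compares it against the permission and csp claims listed above instead of eyeballing grep output. the exact match patterns (`https://claude.ai/*`, `https://api.anthropic.com/*`) and the sample manifest are assumptions for illustration; compare them against the real manifest in main.

```python
"""Compare an MV3 manifest against the permission and CSP claims in this policy.

Added example, not part of the extension. The host patterns below are
assumptions drawn from the policy text, not values taken from the repo.
"""
import json
import re

ALLOWED_PERMISSIONS = {"storage"}
ALLOWED_HOSTS = {"https://claude.ai/*"}               # assumed pattern
ALLOWED_OPTIONAL_HOSTS = {"https://api.anthropic.com/*"}  # assumed pattern
CSP_FORBIDDEN = ("unsafe-inline", "unsafe-eval")


def check_manifest(manifest: dict) -> list[str]:
    """Return findings; an empty list means the manifest matches the policy."""
    findings = []
    extra = set(manifest.get("permissions", [])) - ALLOWED_PERMISSIONS
    if extra:
        findings.append(f"unexpected permissions: {sorted(extra)}")
    extra_hosts = set(manifest.get("host_permissions", [])) - ALLOWED_HOSTS
    if extra_hosts:
        findings.append(f"unexpected host_permissions: {sorted(extra_hosts)}")
    extra_opt = set(manifest.get("optional_host_permissions", [])) - ALLOWED_OPTIONAL_HOSTS
    if extra_opt:
        findings.append(f"unexpected optional_host_permissions: {sorted(extra_opt)}")
    # content scripts must be scoped to claude.ai only
    for script in manifest.get("content_scripts", []):
        bad = set(script.get("matches", [])) - ALLOWED_HOSTS
        if bad:
            findings.append(f"content script matches outside claude.ai: {sorted(bad)}")
    # MV3 CSP is a dict keyed by context; reject inline/eval and remote script origins
    for ctx, policy in manifest.get("content_security_policy", {}).items():
        for keyword in CSP_FORBIDDEN:
            if keyword in policy:
                findings.append(f"csp[{ctx}] allows '{keyword}'")
        script_src = re.search(r"script-src([^;]*)", policy)
        if script_src and re.search(r"https?://", script_src.group(1)):
            findings.append(f"csp[{ctx}] script-src permits a remote origin")
    return findings


# constructed sample manifest for demonstration, not the extension's real file
SAMPLE_MANIFEST = json.loads("""{
  "manifest_version": 3,
  "permissions": ["storage"],
  "host_permissions": ["https://claude.ai/*"],
  "optional_host_permissions": ["https://api.anthropic.com/*"],
  "content_scripts": [{"matches": ["https://claude.ai/*"], "js": ["content.js"]}],
  "content_security_policy": {"extension_pages": "script-src 'self'; object-src 'self'"}
}""")

if __name__ == "__main__":
    for line in check_manifest(SAMPLE_MANIFEST) or ["manifest matches policy"]:
        print(line)
```

to run it against the real file, replace `SAMPLE_MANIFEST` with `json.load(open("manifest.json"))`.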