I came across the claude for chrome extension recently… Has anyone else tried using it … is it safe to use in a node js Tiddlywiki used only for development purpose
At https://chromewebstore.google.com/detail/claude/fcoeoabgfenejglbffodgkkbkcdhcgfn
it say:
USE SAFELY Browser AI can encounter prompt injection—hidden instructions on websites that attempt to hijack Claude’s actions. We’ve built defenses and tested extensively, but recommend these practices: Start with trusted sites: Grant permissions to familiar websites first Review sensitive actions: Always confirm before Claude handles financial, personal, or work-critical tasks Report unexpected behavior: Help us improve by flagging issues through feedback options Full safety guide: Get started with Claude in Chrome | Claude Help Center
- so I would say it is not safe>>>
As I mentioned in another thread I have been experimenting with running local models. My motivation is primarily to avoid sending sensitive information to the cloud, but it also gives me more control over security. For example, I don’t allow the LLM any network access. Given the way that LLMs work, prompt injection is not particularly difficult to pull off, and we should expect to see more of it.
Is it not safe even in the below two conditions
- If the gmail account used in that chrome browser is not used for any other purposes.
- If the node js wiki contain not sensitive data, but just the development related tiddlers.
basically the extension at some point will hit a website that contain hidden ai instructions, telling the ai to hack your computer, steal your passwords… Maybe it will find a way, maybe not…
You meant even if I don’t open any tab otherthan my wiki in my chrome, still the extension can do this. Can we tell the extension to take data from Tiddlywiki.com and talk Tiddlywiki forum only (not from any other sites). Is that possible?
I am not sure whether one extension could block another extension 100%, you could get an ai to write extensions for you. Maybe there is another way to do what you want… firefox has an ai sidebar that can read the text of the current page