[{"data":1,"prerenderedAt":1262},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy\u002Fbrowser-extension-security":3,"help-article-\u002Fsecurity-privacy\u002Fbrowser-extension-security":4,"related-articles-\u002Fsecurity-privacy\u002Fbrowser-extension-security":285},[],{"id":5,"title":6,"body":7,"category":267,"description":268,"draft":269,"extension":270,"meta":271,"navigation":272,"order":273,"path":274,"relatedArticles":275,"seo":279,"slug":280,"stem":281,"updatedAt":282,"__hash__":283,"excerpt":268,"searchText":284},"help\u002Fhelp\u002Fsecurity-privacy\u002F08.browser-extension-security.md","Browser extension security",{"type":8,"value":9,"toc":253},"minimark",[10,19,24,27,33,39,49,55,69,75,80,91,98,105,109,141,148,152,158,173,176,180,183,202,205,208,212,228,235,239,246],[11,12,13,14,18],"p",{},"The ",[15,16,17],"strong",{},"MultiClaw Chrome Extension"," is a Manifest v3 extension for Chrome, Edge, Brave, and other Chromium-based browsers. It records browser workflows and sends the recorded data to the desktop app over localhost. The extension requests only the permissions it needs and does not send anything to the internet.",[20,21,23],"h2",{"id":22},"permissions","Permissions",[11,25,26],{},"The extension requests six permissions. Each has a specific, limited purpose.",[11,28,29,32],{},[15,30,31],{},"activeTab",": Lets the extension interact with the currently active tab when you trigger an action from the popup.",[11,34,35,38],{},[15,36,37],{},"tabs",": Lets the extension read tab URLs, titles, and indices across open tabs. Recording uses this to enumerate tabs and attach recording hooks to each one.",[11,40,41,44,45,48],{},[15,42,43],{},"scripting",": Lets the extension inject the recording content script into a tab when recording begins. This works alongside ",[46,47,37],"code",{}," to capture pages you navigate to during a session.",[11,50,51,54],{},[15,52,53],{},"alarms",": Keeps the background service worker alive during long recordings by scheduling a keepalive alarm every 30 seconds.",[11,56,57,60,61,64,65,68],{},[15,58,59],{},"storage",": Stores recording state and captured events in the browser's built-in storage. Recording state (active, paused, or idle) lives in ",[46,62,63],{},"chrome.storage.session"," and clears when you close the browser. Captured events live in ",[46,66,67],{},"chrome.storage.local"," and persist until transferred to the desktop app or automatically removed after 7 days, whichever comes first.",[11,70,71,74],{},[15,72,73],{},"unlimitedStorage",": Removes the default storage quota so longer recordings do not lose events.",[76,77,79],"h3",{"id":78},"host-permissions-and-content-script","Host permissions and content script",[11,81,82,83,86,87,90],{},"The extension's host permissions cover only ",[46,84,85],{},"http:\u002F\u002Flocalhost\u002F*"," and ",[46,88,89],{},"http:\u002F\u002F127.0.0.1\u002F*",". The extension does not request network access to any external domain.",[11,92,93,94,97],{},"The content script runs on all pages (",[46,95,96],{},"\u003Call_urls>",") so it can attach recording hooks to any site you visit. Without this scope, the extension would need to re-inject the content script each time you navigate to a new page during a recording — missing page transitions in the process.",[11,99,100,101,104],{},"Every event handler in the content script checks an ",[46,102,103],{},"isRecording"," flag before executing. When no recording is active, the handlers exit immediately. No clicks, keystrokes, or page content are captured outside a recording session.",[20,106,108],{"id":107},"what-the-extension-does-not-do","What the extension does not do",[110,111,112,119,125,135],"ul",{},[113,114,115,118],"li",{},[15,116,117],{},"Does not capture while idle",": The content script's event handlers are inactive unless a recording is in progress. No data is collected while you browse normally.",[113,120,121,124],{},[15,122,123],{},"Does not transmit to MultiClaw Cloud directly",": The extension communicates only with the desktop app over localhost through a local HTTP relay. The desktop app handles any subsequent sync to MultiClaw Cloud, not the extension.",[113,126,127,130,131,134],{},[15,128,129],{},"Does not store passwords",": The content script excludes password input fields (",[46,132,133],{},"input[type=\"password\"]",") from capture.",[113,136,137,140],{},[15,138,139],{},"Does not access history or bookmarks",": The extension has no permissions for browser history or bookmark data.",[142,143,145],"callout",{"type":144},"warning",[11,146,147],{},"During an active recording, the extension does capture non-password form inputs such as text fields, dropdowns, and checkboxes. Avoid typing sensitive information like credit card numbers or personal IDs while a recording is in progress.",[20,149,151],{"id":150},"data-flow-during-recording","Data flow during recording",[11,153,154,155,157],{},"When you start a recording, the content script captures DOM events (clicks, navigation, form inputs, keyboard shortcuts, and scrolls) and forwards them to the background service worker. The service worker buffers events in memory and periodically flushes them to ",[46,156,67],{}," to survive service worker restarts.",[11,159,160,161,164,165,168,169,172],{},"When you stop and finalize the recording, the extension opens a ",[46,162,163],{},"multiclaw:\u002F\u002F"," deep link to wake the desktop app. It then transfers the complete event log to the desktop app's local relay server (",[46,166,167],{},"http:\u002F\u002F127.0.0.1:18799",") via an HTTP POST request. The desktop app stores the recording locally at ",[46,170,171],{},"~\u002F.openclaw\u002F",".",[11,174,175],{},"Once the transfer succeeds, the extension removes the events from local storage. If the transfer fails — for example, because the desktop app is not running — the events stay in local storage until the next successful transfer or the 7-day expiry. The extension transmits nothing to the internet during this process and communicates only with the desktop app over localhost.",[20,177,179],{"id":178},"data-retention","Data retention",[11,181,182],{},"Recorded data exists in two storage locations while the extension holds it:",[110,184,185,194],{},[113,186,187,190,191,193],{},[15,188,189],{},"Session storage"," (",[46,192,63],{},"): Stores the recording state (active, paused, or idle). This clears automatically when you close the browser.",[113,195,196,190,199,201],{},[15,197,198],{},"Local storage",[46,200,67],{},"): Stores captured events. These persist until transferred to the desktop app or automatically removed after 7 days, whichever comes first.",[11,203,204],{},"After a successful transfer, the extension deletes events from local storage immediately. If the desktop app is unavailable for an extended period, the 7-day expiry acts as a safety net so recorded data does not accumulate indefinitely.",[11,206,207],{},"Uninstalling the extension removes all of its stored data from the browser.",[20,209,211],{"id":210},"distribution-and-updates","Distribution and updates",[11,213,214,215,222,223,227],{},"The MultiClaw Chrome Extension is available from ",[216,217,221],"a",{"href":218,"rel":219},"https:\u002F\u002Fdownload.multiclaw.io",[220],"nofollow","download.multiclaw.io",". You install it manually (sideloaded) through your browser's developer mode rather than through the Chrome Web Store. See ",[216,224,226],{"href":225},"\u002Fhelp\u002Fgetting-started\u002Finstall-the-companion-browser-extension","Install the MultiClaw Chrome Extension"," for step-by-step instructions.",[11,229,230,231,234],{},"Because the extension is sideloaded, your browser does not update it automatically. To update, download the latest version from ",[216,232,221],{"href":218,"rel":233},[220]," and replace the existing extension files in your browser's extension directory.",[76,236,238],{"id":237},"verifying-the-extension","Verifying the extension",[11,240,241,242,245],{},"MultiClaw signs extension artifacts as part of the release process. Download the extension only from ",[216,243,221],{"href":218,"rel":244},[220]," to make sure you receive a signed, unmodified package. Do not install extension files obtained from third-party sources.",[11,247,248,249,172],{},"Source code is not publicly available. To report a security concern, contact ",[216,250,252],{"href":251},"mailto:security@multiclaw.io","security@multiclaw.io",{"title":254,"searchDepth":255,"depth":255,"links":256},"",2,[257,261,262,263,264],{"id":22,"depth":255,"text":23,"children":258},[259],{"id":78,"depth":260,"text":79},3,{"id":107,"depth":255,"text":108},{"id":150,"depth":255,"text":151},{"id":178,"depth":255,"text":179},{"id":210,"depth":255,"text":211,"children":265},[266],{"id":237,"depth":260,"text":238},"security-privacy","What permissions the MultiClaw Chrome Extension requests, how recorded data flows and is retained, and what the extension does not access.",false,"md",{},true,8,"\u002Fsecurity-privacy\u002Fbrowser-extension-security",[276,277,278],"security-privacy\u002Fsecurity-overview","security-privacy\u002Fdesktop-app-security","getting-started\u002Finstall-the-companion-browser-extension",{"title":6,"description":268},"browser-extension-security","help\u002Fsecurity-privacy\u002F08.browser-extension-security","2026-03-30","BEWDCt7cd9ggBc60xRfEoutQw8GnDPT_zjbMy2OPpCU","Browser extension security What permissions the MultiClaw Chrome Extension requests, how recorded data flows and is retained, and what the extension does not access.",[286,566,936],{"id":287,"title":288,"body":289,"category":267,"description":551,"draft":269,"extension":270,"meta":552,"navigation":272,"order":553,"path":554,"relatedArticles":555,"seo":561,"slug":562,"stem":563,"updatedAt":282,"__hash__":564,"excerpt":551,"searchText":565},"help\u002Fhelp\u002Fsecurity-privacy\u002F01.security-overview.md","Security overview",{"type":8,"value":290,"toc":536},[291,301,304,308,311,325,328,335,343,347,350,356,360,363,369,373,395,402,406,409,416,420,426,433,437,444,451,455,458,464,468,471,477,481,488,495,499,502,508,512,515,522,526,529],[11,292,293,294,297,298,172],{},"MultiClaw protects your data through multiple independent security layers: local credential storage, TLS connections, app sandboxing, and zero telemetry. Each layer works on its own, reducing the risk that a single vulnerability leads to broader exposure. The architecture follows ",[15,295,296],{},"defense-in-depth"," principles aligned with ",[15,299,300],{},"ISO\u002FIEC 27001:2022",[11,302,303],{},"This article gives you a high-level view of how MultiClaw handles security and privacy. Each section links to a dedicated article with full details.",[20,305,307],{"id":306},"separate-trust-zones","Separate trust zones",[11,309,310],{},"The desktop app, the local OpenClaw gateway, and MultiClaw Cloud operate as three distinct trust zones, each with its own authentication:",[110,312,313,319],{},[113,314,315,318],{},[15,316,317],{},"Desktop app",": connects to MultiClaw Cloud over HTTPS and WSS for API calls, real-time updates, agent configuration, and session data.",[113,320,321,324],{},[15,322,323],{},"Local OpenClaw gateway",": connects to MultiClaw Cloud separately over an authenticated WebSocket secured with short-lived signed tokens. These tokens rotate automatically, so a captured token expires before it can be reused.",[11,326,327],{},"Each connection enforces its own credentials. No zone shares authentication tokens with another.",[11,329,330],{},[331,332],"img",{"alt":333,"src":334},"MultiClaw security architecture — the four components and how they connect across trust boundaries","\u002Fimages\u002Fmulticlaw-security-architecture.png",[11,336,337,338,342],{},"See ",[216,339,341],{"href":340},"\u002Fhelp\u002Fsecurity-privacy\u002Fnetwork-security","Network security"," for details on how each connection is secured.",[20,344,346],{"id":345},"authentication-and-login-security","Authentication and login security",[11,348,349],{},"All authentication is handled by MultiClaw Cloud. You can sign in with email and password or through Multiplai single sign-on (SSO). Sessions use short-lived tokens that rotate automatically, and repeated failed login attempts trigger temporary account lockouts.",[11,351,337,352,355],{},[216,353,346],{"href":354},"\u002Fhelp\u002Fsecurity-privacy\u002Fauthentication-and-login-security"," for details on session handling, token rotation, and lockout policies.",[20,357,359],{"id":358},"roles-and-access-control","Roles and access control",[11,361,362],{},"MultiClaw uses role-based access control (RBAC) in workspaces. Each person is assigned exactly one role — Owner or Member — which determines what they can view, create, and manage. Permissions follow a least-privilege model: users only have access to what their role requires.",[11,364,337,365,368],{},[216,366,359],{"href":367},"\u002Fhelp\u002Fsecurity-privacy\u002Froles-and-access-control"," for the full permission matrix.",[20,370,372],{"id":371},"encryption-at-rest-and-in-transit","Encryption at rest and in transit",[11,374,375,378,379,382,383,386,387,390,391,394],{},[15,376,377],{},"Config values"," are stored in your local config file (",[46,380,381],{},"~\u002F.openclaw\u002Fopenclaw.json",") as plain JSON. The file is not encrypted at rest; it is protected by your operating system's file permissions. Credentials and API keys stored in ",[15,384,385],{},"MultiClaw Cloud"," receive an additional application-layer encryption with ",[15,388,389],{},"AES-256"," on top of AWS disk encryption. All connections to external MultiClaw services use ",[15,392,393],{},"TLS 1.2 or higher",", covering both HTTPS and WebSocket (WSS) traffic. Communication between the desktop app and the local OpenClaw gateway uses an unencrypted connection on localhost only — this traffic never leaves your machine.",[11,396,337,397,401],{},[216,398,400],{"href":399},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption"," for the full encryption model.",[20,403,405],{"id":404},"local-first-data-storage","Local-first data storage",[11,407,408],{},"Your agents, conversations, and credentials are stored on your machine by default. When you're not connected to a workspace, everything stays local. When you connect to a workspace, conversation transcripts sync to MultiClaw Cloud automatically.",[11,410,337,411,415],{},[216,412,414],{"href":413},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-residency-and-storage","Data residency and storage"," for details on where your data lives.",[20,417,419],{"id":418},"credential-and-secret-storage","Credential and secret storage",[11,421,422,423,425],{},"Credentials and other sensitive values are stored in your local config file (",[46,424,381],{},") as plain JSON, protected by operating system file permissions. The desktop app does not send stored credentials to MultiClaw Cloud. Each credential is scoped to the context that needs it.",[11,427,337,428,432],{},[216,429,431],{"href":430},"\u002Fhelp\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored","How credentials and secrets are stored"," for details on how credentials are stored, scoped, and managed.",[20,434,436],{"id":435},"sandboxed-desktop-app","Sandboxed desktop app",[11,438,439,440,443],{},"The desktop app is built on ",[15,441,442],{},"Tauri v2",", which enforces a capability-based permission model. The interface layer cannot access your filesystem or start processes on its own. Every sensitive operation goes through an explicitly declared Tauri command, limiting the potential damage from any interface-level vulnerability.",[11,445,337,446,450],{},[216,447,449],{"href":448},"\u002Fhelp\u002Fsecurity-privacy\u002Fdesktop-app-security","Desktop app security"," for details on the sandboxing model and capability declarations.",[20,452,454],{"id":453},"browser-extension-isolation","Browser extension isolation",[11,456,457],{},"The MultiClaw Chrome Extension content script is loaded on all pages, but it only captures and transmits interaction data when a recording session is active. Event listeners are registered when the extension loads; they check whether recording is active before capturing anything, and no data is collected or sent between sessions.",[11,459,337,460,463],{},[216,461,6],{"href":462},"\u002Fhelp\u002Fsecurity-privacy\u002Fbrowser-extension-security"," for full details on what the extension accesses and when.",[20,465,467],{"id":466},"privacy-and-data-handling","Privacy and data handling",[11,469,470],{},"MultiClaw Desktop does not collect usage analytics or telemetry. If the app crashes, the crash log stays on your machine. Conversation content stays on your machine unless you choose to sync it to a workspace. MultiClaw Cloud stores only the account, workspace, and session data needed to operate the service.",[11,472,337,473,476],{},[216,474,467],{"href":475},"\u002Fhelp\u002Fsecurity-privacy\u002Fprivacy-and-data-handling"," for what data MultiClaw collects, how long it's retained, and your rights.",[20,478,480],{"id":479},"signed-updates-and-supply-chain-security","Signed updates and supply chain security",[11,482,483,484,487],{},"App updates are signed with ",[15,485,486],{},"minisign",". Before installing an update, the updater verifies the signature against the published public key and rejects any update with an invalid or missing signature. Third-party dependencies are pinned to exact versions, scanned for vulnerabilities, and reviewed before they ship.",[11,489,337,490,494],{},[216,491,493],{"href":492},"\u002Fhelp\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security","Dependency and supply chain security"," for the full scanning and review process.",[20,496,498],{"id":497},"allowed-external-connections","Allowed external connections",[11,500,501],{},"MultiClaw makes a fixed, documented set of outbound connections from your machine. Each connection has a specific purpose — API calls, real-time updates, AI execution, or update checks. No undocumented connections are made.",[11,503,337,504,507],{},[216,505,498],{"href":506},"\u002Fhelp\u002Fsecurity-privacy\u002Fallowed-external-connections"," for the full list of endpoints, protocols, and when each connection occurs.",[20,509,511],{"id":510},"incident-reporting","Incident reporting",[11,513,514],{},"If you discover a security vulnerability, you can report it directly to the MultiClaw security team. Reports are acknowledged within 24 hours and follow a structured triage and resolution process.",[11,516,337,517,521],{},[216,518,520],{"href":519},"\u002Fhelp\u002Fsecurity-privacy\u002Fincident-reporting-and-response","Incident reporting and response"," for how to submit a report and what to expect.",[20,523,525],{"id":524},"shared-responsibility","Shared responsibility",[11,527,528],{},"Security in MultiClaw is a shared effort. MultiClaw secures the infrastructure, encrypts data in transit, and hardens the app. You're responsible for protecting your credentials, managing workspace access, and configuring agents appropriately.",[11,530,337,531,535],{},[216,532,534],{"href":533},"\u002Fhelp\u002Fsecurity-privacy\u002Fshared-responsibility-model","Shared responsibility model"," for a clear breakdown of what each party owns.",{"title":254,"searchDepth":255,"depth":255,"links":537},[538,539,540,541,542,543,544,545,546,547,548,549,550],{"id":306,"depth":255,"text":307},{"id":345,"depth":255,"text":346},{"id":358,"depth":255,"text":359},{"id":371,"depth":255,"text":372},{"id":404,"depth":255,"text":405},{"id":418,"depth":255,"text":419},{"id":435,"depth":255,"text":436},{"id":453,"depth":255,"text":454},{"id":466,"depth":255,"text":467},{"id":479,"depth":255,"text":480},{"id":497,"depth":255,"text":498},{"id":510,"depth":255,"text":511},{"id":524,"depth":255,"text":525},"MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{},1,"\u002Fsecurity-privacy\u002Fsecurity-overview",[556,557,558,559,560],"security-privacy\u002Fdata-encryption","security-privacy\u002Fnetwork-security","security-privacy\u002Fbrowser-extension-security","security-privacy\u002Fhow-credentials-and-secrets-are-stored","security-privacy\u002Fprivacy-and-data-handling",{"title":288,"description":551},"security-overview","help\u002Fsecurity-privacy\u002F01.security-overview","3x0_VX5XDDMQT5kwODVWQnpjsjlxJfe0Lbg5V4Kim9I","Security overview MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{"id":567,"title":449,"body":568,"category":267,"description":924,"draft":269,"extension":270,"meta":925,"navigation":272,"order":926,"path":927,"relatedArticles":928,"seo":931,"slug":932,"stem":933,"updatedAt":282,"__hash__":934,"excerpt":924,"searchText":935},"help\u002Fhelp\u002Fsecurity-privacy\u002F07.desktop-app-security.md",{"type":8,"value":569,"toc":907},[570,576,580,591,594,598,612,616,619,623,634,637,643,647,654,698,701,705,710,713,717,732,735,739,742,780,783,787,790,820,823,827,830,846,849,852,856,859,870,874,877,903],[11,571,572,573,575],{},"The MultiClaw desktop app is built on ",[15,574,442],{},", a Rust-based framework designed to minimize the attack surface. Every security layer described below is enabled by default — you don't need to configure anything.",[20,577,579],{"id":578},"tauri-capability-model","Tauri capability model",[11,581,582,583,586,587,590],{},"The UI runs inside a ",[15,584,585],{},"WebView"," that is designed to have no direct access to the filesystem, processes, or system calls. To perform a privileged operation, the frontend must invoke a declared ",[15,588,589],{},"IPC command"," in the Rust core. Commands not listed in the capability configuration are blocked by the framework.",[11,592,593],{},"This boundary is designed to prevent a compromised script in the UI from escalating to the system layer through undeclared paths. The separation is enforced by Tauri's capability model at the framework level, not by application-layer runtime checks.",[76,595,597],{"id":596},"what-the-capability-model-covers","What the capability model covers",[110,599,600,606],{},[113,601,602,605],{},[15,603,604],{},"UI-to-system isolation",": the WebView is designed to be unable to reach the filesystem, execute shell commands, or access system APIs unless a specific IPC command is declared and exposed by the Rust core.",[113,607,608,611],{},[15,609,610],{},"Least privilege by default",": only the commands the app explicitly declares in its capability configuration are available. Everything else is blocked at the framework level.",[76,613,615],{"id":614},"what-the-capability-model-does-not-cover","What the capability model does not cover",[11,617,618],{},"The capability model isolates the WebView from the system. It does not protect against threats that originate outside the app, such as malware running at the OS level or a compromised system process. OS-level security (disk encryption, user account controls, endpoint protection) remains your responsibility.",[20,620,622],{"id":621},"content-security-policy","Content Security Policy",[11,624,625,626,629,630,633],{},"The WebView enforces a strict ",[15,627,628],{},"Content Security Policy (CSP)"," that blocks inline scripts, ",[46,631,632],{},"eval()",", and external script loading. This substantially limits what an attacker can do with a cross-site scripting (XSS) vector in the UI layer.",[11,635,636],{},"The CSP is set at the framework level and applies to every page rendered inside the app. Combined with the Tauri capability model, CSP acts as a second barrier: even if a script bypasses one layer, the other limits what that script can reach.",[142,638,640],{"type":639},"note",[11,641,642],{},"CSP reduces the impact of XSS but does not eliminate all injection risks. It is one layer in a defense-in-depth approach.",[20,644,646],{"id":645},"webview-rendering-engine","WebView rendering engine",[11,648,649,650,653],{},"Tauri v2 uses the ",[15,651,652],{},"operating system's built-in WebView"," rather than bundling a separate browser engine:",[655,656,657,670],"table",{},[658,659,660],"thead",{},[661,662,663,667],"tr",{},[664,665,666],"th",{},"Platform",[664,668,669],{},"WebView engine",[671,672,673,682,690],"tbody",{},[661,674,675,679],{},[676,677,678],"td",{},"macOS",[676,680,681],{},"WebKit (provided by Safari)",[661,683,684,687],{},[676,685,686],{},"Windows",[676,688,689],{},"WebView2 (provided by Microsoft Edge)",[661,691,692,695],{},[676,693,694],{},"Linux",[676,696,697],{},"WebKitGTK",[11,699,700],{},"Because the WebView is provided by the OS, it receives security patches through your regular OS updates. Keeping your operating system current is one of the most effective ways to maintain desktop app security.",[20,702,704],{"id":703},"update-integrity","Update integrity",[11,706,483,707,709],{},[15,708,486],{}," (Ed25519 public-key cryptography). Before installing an update, the updater verifies the signature against the embedded public key.",[11,711,712],{},"If verification fails, the update is rejected, and your current version stays unchanged. The app does not apply partially downloaded or unsigned updates.",[76,714,716],{"id":715},"how-updates-work","How updates work",[718,719,720,723,726,729],"ol",{},[113,721,722],{},"The app checks for available updates.",[113,724,725],{},"If a new version is found, the app downloads the update package and its signature file.",[113,727,728],{},"The updater verifies the signature against the public key embedded in your current installation.",[113,730,731],{},"If the signature is valid, the update is applied. If not, the update is discarded.",[11,733,734],{},"You can continue using the app while updates download. The update takes effect the next time you restart the app.",[20,736,738],{"id":737},"code-signing","Code signing",[11,740,741],{},"Every release is signed to protect against tampering.",[655,743,744,753],{},[658,745,746],{},[661,747,748,750],{},[664,749,666],{},[664,751,752],{},"Signing method",[671,754,755,762,772],{},[661,756,757,759],{},[676,758,678],{},[676,760,761],{},"Apple Developer ID certificate, notarized by Apple",[661,763,764,766],{},[676,765,686],{},[676,767,768,769,771],{},"Updater artifacts signed with ",[15,770,486],{}," (Ed25519)",[661,773,774,776],{},[676,775,694],{},[676,777,768,778,771],{},[15,779,486],{},[11,781,782],{},"On macOS, the operating system verifies the Developer ID certificate when you first open the app and blocks unsigned or tampered binaries. On Windows and Linux, the OS does not perform native binary verification, but the Tauri updater independently verifies the minisign signature before applying any update.",[76,784,786],{"id":785},"verify-your-installation-on-macos","Verify your installation on macOS",[11,788,789],{},"You can confirm the app's code signature by running this command in Terminal:",[791,792,796],"pre",{"className":793,"code":794,"language":795,"meta":254,"style":254},"language-bash shiki shiki-themes github-light github-dark","codesign --verify --deep --strict \u002FApplications\u002FMultiClaw.app\n","bash",[46,797,798],{"__ignoreMap":254},[799,800,802,806,810,813,816],"span",{"class":801,"line":553},"line",[799,803,805],{"class":804},"sScJk","codesign",[799,807,809],{"class":808},"sj4cs"," --verify",[799,811,812],{"class":808}," --deep",[799,814,815],{"class":808}," --strict",[799,817,819],{"class":818},"sZZnC"," \u002FApplications\u002FMultiClaw.app\n",[11,821,822],{},"If the signature is valid, the command produces no output. If the binary has been tampered with, you'll see an error message.",[20,824,826],{"id":825},"filesystem-access-scope","Filesystem access scope",[11,828,829],{},"The Rust core limits file access to known data directories:",[110,831,832,837,843],{},[113,833,834,836],{},[46,835,171],{},": agent data, sessions, configuration, and logs managed by OpenClaw",[113,838,839,842],{},[46,840,841],{},"~\u002F.multiclaw\u002F",": app preferences, workflow recordings, drafts, and MultiClaw-specific logs",[113,844,845],{},"The OS temp directory: transient working files",[11,847,848],{},"Requests that target paths outside these directories are not served by the Rust core's file access commands.",[11,850,851],{},"When you attach a file to a chat message or export data, the app uses your operating system's file picker. Access is scoped to the file or location you select — the app does not request broader directory access through this flow.",[20,853,855],{"id":854},"local-data-storage","Local data storage",[11,857,858],{},"Configuration files and session data are stored in the directories listed above. Authentication tokens are stored locally on your machine.",[142,860,862],{"type":861},"tip",[11,863,864,865,86,867,869],{},"If you share your computer, use a separate OS user account. Each OS account has its own ",[46,866,841],{},[46,868,171],{}," directories, keeping agent data and credentials isolated between users.",[20,871,873],{"id":872},"your-responsibilities","Your responsibilities",[11,875,876],{},"The desktop app handles isolation, signing, and access scoping automatically. These protections work alongside your own security practices, not instead of them:",[110,878,879,885,891,897],{},[113,880,881,884],{},[15,882,883],{},"Keep your OS updated."," WebView security patches arrive through OS updates. Delaying updates delays security fixes.",[113,886,887,890],{},[15,888,889],{},"Don't bypass code signing checks."," On macOS, don't disable Gatekeeper to run unsigned copies of the app. On Windows, install from official channels only.",[113,892,893,896],{},[15,894,895],{},"Use a strong account password."," The app authenticates against MultiClaw Cloud. A weak password on your cloud account undermines the security of your local session.",[113,898,899,902],{},[15,900,901],{},"Lock your computer."," Desktop app sessions persist while the app is open. Lock your screen when you step away to prevent unauthorized access.",[904,905,906],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":254,"searchDepth":255,"depth":255,"links":908},[909,913,914,915,918,921,922,923],{"id":578,"depth":255,"text":579,"children":910},[911,912],{"id":596,"depth":260,"text":597},{"id":614,"depth":260,"text":615},{"id":621,"depth":255,"text":622},{"id":645,"depth":255,"text":646},{"id":703,"depth":255,"text":704,"children":916},[917],{"id":715,"depth":260,"text":716},{"id":737,"depth":255,"text":738,"children":919},[920],{"id":785,"depth":260,"text":786},{"id":825,"depth":255,"text":826},{"id":854,"depth":255,"text":855},{"id":872,"depth":255,"text":873},"The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.",{},7,"\u002Fsecurity-privacy\u002Fdesktop-app-security",[276,929,557,930],"security-privacy\u002Fdependency-and-supply-chain-security","security-privacy\u002Fdata-residency-and-storage",{"title":449,"description":924},"desktop-app-security","help\u002Fsecurity-privacy\u002F07.desktop-app-security","rA3kcK7wiPbTOZxq3mlIvbAS0xgV-rG_VxIcoNqVJEE","Desktop app security The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.",{"id":937,"title":226,"body":938,"category":1247,"description":1248,"draft":269,"extension":270,"meta":1249,"navigation":272,"order":273,"path":1250,"relatedArticles":1251,"seo":1256,"slug":1257,"stem":1258,"updatedAt":1259,"__hash__":1260,"excerpt":1248,"searchText":1261},"help\u002Fhelp\u002Fgetting-started\u002F08.install-the-companion-browser-extension.md",{"type":8,"value":939,"toc":1238},[940,949,953,956,970,974,977,983,1028,1046,1053,1062,1066,1069,1108,1116,1124,1128,1147,1154,1158,1161,1189,1192,1200,1204,1223,1226,1230],[11,941,13,942,944,945,948],{},[15,943,17],{}," records your browser actions — clicks, typing, navigation — and turns them into ",[15,946,947],{},"skills"," your agents can repeat. You only need it if you plan to record browser-based workflows.",[20,950,952],{"id":951},"before-you-start","Before you start",[11,954,955],{},"The extension sends recordings to the MultiClaw desktop app on your machine, so the desktop app must be installed and running first.",[110,957,958,964],{},[113,959,960],{},[216,961,963],{"href":962},"\u002Fgetting-started\u002Finstall-multiclaw","Install MultiClaw",[113,965,966],{},[216,967,969],{"href":968},"\u002Fgetting-started\u002Fconnect-to-your-workspace","Connect to your workspace",[20,971,973],{"id":972},"install-the-extension","Install the extension",[11,975,976],{},"The MultiClaw Chrome Extension works in Chrome, Edge, Brave, and other Chromium-based browsers. It's installed manually (sideloaded) rather than from a browser extension store, so you load it through your browser's developer mode. The process takes about two minutes.",[11,978,979],{},[331,980],{"alt":981,"src":982},"The MultiClaw Chrome Extension download card on download.multiclaw.io","\u002Fimages\u002Fcompanion-download-card.png",[718,984,985,999,1002,1008,1015,1022],{},[113,986,987,988,991,992,995,996,172],{},"Go to ",[216,989,218],{"href":218,"rel":990},[220]," and find the ",[15,993,994],{},"Browser companion"," section. Click ",[15,997,998],{},"Download .zip",[113,1000,1001],{},"Unzip the downloaded file to a permanent folder on your computer. Do not delete this folder — your browser reads the extension files from it.",[113,1003,1004,1005,172],{},"Open your browser and go to ",[46,1006,1007],{},"chrome:\u002F\u002Fextensions",[113,1009,1010,1011,1014],{},"Enable ",[15,1012,1013],{},"Developer mode"," using the toggle in the top-right corner.",[113,1016,1017,1018,1021],{},"Click ",[15,1019,1020],{},"Load unpacked"," and select the folder you unzipped in step 2.",[113,1023,13,1024,1027],{},[15,1025,1026],{},"MultiClaw"," icon appears in your browser toolbar.",[142,1029,1030],{"type":861},[11,1031,1032,1033,1036,1037,1039,1040,1043,1044,172],{},"In Edge, go to ",[46,1034,1035],{},"edge:\u002F\u002Fextensions"," instead of ",[46,1038,1007],{},". In Brave, go to ",[46,1041,1042],{},"brave:\u002F\u002Fextensions",". All other Chromium-based browsers use ",[46,1045,1007],{},[11,1047,1048,1049,1052],{},"Your browser displays a persistent ",[15,1050,1051],{},"\"Developer mode extensions are enabled\""," banner once you enable Developer mode. This is standard for any sideloaded extension and is not a security warning about MultiClaw.",[142,1054,1055],{"type":861},[11,1056,1057,1058,1061],{},"If you don't see the icon, click the puzzle-piece ",[15,1059,1060],{},"Extensions"," button in the toolbar and pin the MultiClaw Chrome Extension to keep it visible.",[20,1063,1065],{"id":1064},"permissions-explained","Permissions explained",[11,1067,1068],{},"Your browser asks you to approve these permissions when you install the extension:",[655,1070,1071,1084],{},[658,1072,1073],{},[661,1074,1075,1078,1081],{},[664,1076,1077],{},"Permission",[664,1079,1080],{},"What it allows",[664,1082,1083],{},"Why it's needed",[671,1085,1086,1097],{},[661,1087,1088,1091,1094],{},[676,1089,1090],{},"Read and change data on all websites",[676,1092,1093],{},"Access page content while recording",[676,1095,1096],{},"Captures the clicks and text you record",[661,1098,1099,1102,1105],{},[676,1100,1101],{},"Communicate with localhost",[676,1103,1104],{},"Connect to the MultiClaw desktop app",[676,1106,1107],{},"Sends recordings to the desktop app on your machine",[11,1109,1110,1111,1115],{},"The extension transmits data only to your local desktop app — not directly to any external server. However, content captured during recordings (including text you type) may be included in agent conversations that are processed by your configured AI model provider. See our ",[216,1112,1114],{"href":1113},"\u002Flegal-compliance\u002Fprivacy-policy","Privacy Policy"," for full details.",[142,1117,1118],{"type":639},[11,1119,1120,1121,1123],{},"Recording captures text you type into form fields. Avoid recording sessions where you enter sensitive personal data such as financial details, health information, or credentials. Captured content is stored locally in ",[46,1122,171],{}," and may be sent to your AI model provider when used in an agent conversation.",[20,1125,1127],{"id":1126},"verify-the-installation","Verify the installation",[718,1129,1130,1136],{},[113,1131,1132,1133,1135],{},"Click the ",[15,1134,1026],{}," icon in your browser toolbar.",[113,1137,1138,1139,1142,1143,1146],{},"The extension panel opens and shows the message ",[15,1140,1141],{},"Teach AI agents by recording your browser actions"," along with a ",[15,1144,1145],{},"Start Recording"," button. This confirms the extension is installed and ready.",[11,1148,1149,1150,1153],{},"The extension connects to the desktop app automatically when you finish a recording. If the desktop app is not running at that moment, the recording is saved locally and queued as ",[15,1151,1152],{},"Pending",". Retry the transfer from the extension panel once the desktop app is open.",[20,1155,1157],{"id":1156},"update-the-extension","Update the extension",[11,1159,1160],{},"Sideloaded extensions don't update automatically. To update to a newer version:",[718,1162,1163,1173,1180],{},[113,1164,987,1165,1168,1169,1172],{},[216,1166,218],{"href":218,"rel":1167},[220]," and download the latest ",[15,1170,1171],{},".zip"," file.",[113,1174,1175,1176,1179],{},"Unzip the new files into the ",[15,1177,1178],{},"same folder"," you used during the original install, replacing the existing files.",[113,1181,1182,1183,1185,1186,1188],{},"Open your browser's extensions page (",[46,1184,1007],{},") and click the reload icon on the ",[15,1187,1026],{}," card.",[11,1190,1191],{},"The extension reloads with the updated version. You don't need to remove and reinstall it.",[142,1193,1194],{"type":144},[11,1195,1196,1197,1199],{},"If you unzip to a different folder, your browser loses track of the extension. Use ",[15,1198,1020],{}," again to point to the new folder.",[20,1201,1203],{"id":1202},"remove-the-extension","Remove the extension",[718,1205,1206,1211,1220],{},[113,1207,1182,1208,1210],{},[46,1209,1007],{},").",[113,1212,1213,1214,1216,1217,172],{},"Find the ",[15,1215,1026],{}," card and click ",[15,1218,1219],{},"Remove",[113,1221,1222],{},"Confirm the removal when prompted.",[11,1224,1225],{},"After removing the extension from the browser, you can delete the unzipped extension folder from your computer.",[20,1227,1229],{"id":1228},"if-something-isnt-working","If something isn't working",[11,1231,1232,1233,1237],{},"If the extension panel doesn't open, the icon is missing, or the desktop app can't detect the extension, see ",[216,1234,1236],{"href":1235},"\u002Ftroubleshooting\u002Fcompanion-extension-not-detected","MultiClaw Chrome Extension not detected"," for step-by-step fixes.",{"title":254,"searchDepth":255,"depth":255,"links":1239},[1240,1241,1242,1243,1244,1245,1246],{"id":951,"depth":255,"text":952},{"id":972,"depth":255,"text":973},{"id":1064,"depth":255,"text":1065},{"id":1126,"depth":255,"text":1127},{"id":1156,"depth":255,"text":1157},{"id":1202,"depth":255,"text":1203},{"id":1228,"depth":255,"text":1229},"getting-started","The MultiClaw Chrome Extension records your browser actions so agents can repeat them — here's how to download and install it.",{},"\u002Fgetting-started\u002Finstall-the-companion-browser-extension",[1252,1253,1254,1255,558],"getting-started\u002Finstall-multiclaw","getting-started\u002Fconnect-to-your-workspace","skills-workflows\u002Frecord-a-browser-workflow","troubleshooting\u002Fcompanion-extension-not-detected",{"title":226,"description":1248},"install-the-companion-browser-extension","help\u002Fgetting-started\u002F08.install-the-companion-browser-extension",null,"QIlntP03q7HnVO7_GQAn8Xg9X-3rXOUWypfsoF9mkRg","Install the MultiClaw Chrome Extension The MultiClaw Chrome Extension records your browser actions so agents can repeat them — here's how to download and install it.",1778463888017]