I've never seen or approved a prompt from Claude if I want any of this to be installed and I've never seen or approved a prompt from macOS that Claude is asking permission to mess around with other apps (though `Application Support` is probably not protected for non-sandboxed apps).
I don't think we should normalise or try to diminish the importance of good security practices. Apps that randomly rewrite how other apps your computer work are generally in the category of malware (and here we're not even considering Claude's apparently ability to execute local instructions based on random text it finds online).
https://github.com/anthropics/claude-code/issues/14616
Of course if they actually did it, without your consent, that's really really bad.
$ fd claude_browser_extension.json ~/Library
/Users/miguno/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
/Users/miguno/Library/Application Support/Vivaldi/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
/Users/miguno/Library/Application Support/Arc/User Data/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
/Users/miguno/Library/Application Support/Microsoft Edge/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
/Users/miguno/Library/Application Support/com.operasoftware.Opera/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
/Users/miguno/Library/Application Support/Chromium/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
/Users/miguno/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.anthropic.claude_browser_extension.json
Claude Desktop repeatedly installed/updated these 7 extensions since the beginning of February on my Apple machine. Every entry in the filtered log below is for all 7 extensions:
$ grep "Installed native host manifest" ~/Library/Logs/Claude/main.log | sed -e 's/ at \/Users\/.*//' | awk '{ print $1" "$2 }' | sort -n | uniq
2026-02-04 18:53:21
2026-02-04 23:33:26
2026-02-04 23:34:20
2026-02-04 23:34:27
2026-03-16 09:29:18
2026-03-17 11:52:22
2026-03-18 22:22:22
2026-03-19 14:49:34
2026-03-20 09:42:03
2026-03-20 10:10:39
2026-04-02 22:50:26
2026-04-02 22:57:56
2026-04-10 19:38:38
2026-04-10 19:40:51
2026-04-12 18:52:36
2026-04-12 19:10:04
2026-04-12 20:07:21
2026-04-15 12:19:46
2026-04-15 12:20:16
2026-04-15 12:29:45
2026-04-16 22:15:47
2026-04-16 22:24:19
2026-04-18 10:58:13
2026-04-18 15:06:54 find ~/Library/Application\ Support -name "com.anthropic.claude_browser_extension\*" -delete"Claude Desktop, an Anthropic application, reached across the trust boundary between two independent vendors, and wrote configuration into Brave's application directory. The principle that an application does not silently modify another application is so obvious it rarely gets stated. Anthropic broke it in silence."
This is the key point for me - ask me, let me remove when done. That would be all it takes to not abuse trust.
> You have to put a manifest there if you want the native messaging to work later.
The point is that Claude Desktop didn't ask the user whether they want native messaging in the first place. Which is strange, given that users experience many "Do you grant permission to do XYZ" prompts when working with Anthropic products in other situations.
At the point we're at, I'm so ethically locked out of unregulated contexts where one can't necessarily get away with that sort of thing, I'm beginning to give up hope the Industry can be turned around at all short of everyone with a modicum of ethics making the experience of computing so damned defensively locked down, it ceases to be a legacy worth passing down as anything but a cautionary tale on the hubris of man, and the ease with which men can be lured to corrupt ends via their stomachs.
Not 100% across the spec but this wouldn't functionally do anything until you install the related extension? e.g., it's pinned to nominated `allowed_origins`
I mean it almost doesn't matter what is installed at any given time, the agent is going to install stuff you can't realistically observe, the software will auto-update, there is simply no way you can be sure spyware won't end up on your computer.
It was always quite a simple thing to do: “disclosure”. Explain me, in plain English, the things you are going to do when I install your software: do not bury it on a 40-page EULA with multiple amendments referring to different aspects that affect me and for which I would probably need a lawyer, or their very service to understand it, and that is of course subject to be changed at any time they feel.
It’s 2026 and they keep on nagging it: even Apple stopped doing the little summary at the beginning of the “Accept the New Terms” where they explained, in plain English, what those changes were.
And every time they do that, it is always on their favor: you code and eat pizza, they have a 1000 dollar an hour group of lawyers, ironing the hell out of their legal terms to must accept to use their services.
"All or nothing" thinking...: https://en.wikipedia.org/wiki/Splitting_%28psychology%29?use...