9 steps · ~3 minutes
Install & run your Extbuild extension
Every extension you generate is a plain, unpacked Chrome extension. Follow these steps to load it, paste your API key, and let it automate your browser.
1. Download the .zip
After generating your extension on the home page, click Download .zip. You'll get a file like
my-agent.zip.2. Unzip it
Right-click the file and choose Extract All (Windows) or double-click it (macOS). Keep the resulting folder somewhere permanent — Chrome loads the extension from that folder on every browser restart. If you delete or move it, the extension will break.
3. Open the Extensions page
In Chrome (or any Chromium browser — Edge, Brave, Arc, Opera), paste
chrome://extensions into the address bar and press Enter.4. Enable Developer mode
Toggle Developer mode in the top-right corner. This unlocks the Load unpacked button.
5. Load unpacked
Click Load unpacked and select the unzipped folder (the one containing
manifest.json). Your extension appears in the toolbar. Pin it via the puzzle-piece icon for quick access.6. Paste your AI API key
Right-click the extension icon and choose Options (or click the "Settings" link in the popup). Paste your API key from your provider dashboard:
- OpenAI: platform.openai.com/api-keys
- Anthropic: console.anthropic.com/settings/keys
- Gemini: aistudio.google.com/app/apikey
chrome.storage.local on your machine only — it never leaves your browser and Extbuild never sees it.7. Grant browser permissions
The first time the extension runs on a page, Chrome may ask you to approve permissions like Read and change site data. This is what lets the agent automate — read the DOM, click buttons, fill forms, navigate tabs. Review the permissions rationale shown in your generation result before approving. If you want to lock it down, right-click the extension → This can read and change site data → When you click the extension.
8. Run your agent
Click the extension icon on any tab, or use the trigger you described in your prompt (right-click menu, keyboard shortcut, auto-run on a URL pattern). The agent uses your saved API key to call your chosen provider, then acts on the current page — summarizing, clicking, typing, opening tabs, whatever you asked for.
9. Iterate
Want to tweak behavior? Come back to Extbuild, refine your prompt, generate again, download the new zip, then click the reload icon on your extension card at
chrome://extensions after replacing the folder contents.How your extension controls the browser
Every generated extension follows the same runtime pattern so it can both call your AI provider and act on your tabs:
- background.js (service worker) — holds your API key from
chrome.storage.local, sends fetch requests to your provider (bypassing CORS), and dispatches instructions to the page. - content.js — injected into the page. Reads DOM, clicks buttons, fills forms, extracts text — this is how the agent "sees" and "acts" on a website.
- popup.html / options.html — the UI where you paste your API key and trigger the agent.
- chrome.scripting / chrome.tabs — used when the agent needs to open new tabs, navigate, or run code across multiple pages.
Because Extbuild requests least-privilege permissions by default, your extension only gets access to the current tab or the specific sites you named in your prompt. Broaden the scope by editing manifest.json if you need it.
Troubleshooting
- "Manifest file is missing or unreadable"
- You selected the zip file instead of the unzipped folder. Extract the archive first, then Load unpacked pointing at the extracted folder.
- The extension does nothing when I click it
- Open the extension's Options page and confirm your API key is saved. Then open the browser DevTools console (F12) or the service worker inspector on chrome://extensions (click 'service worker' under your extension) to see logs and errors.
- "401 Unauthorized" from the AI provider
- Your API key is invalid, expired, or missing credits. Regenerate the key in the provider dashboard and paste it into Options again.
- "CORS" or "failed to fetch" errors
- Move the fetch into background.js (the service worker) — background scripts bypass page CORS. If the extension needs a new host, add it to host_permissions and click Reload.
- Extension doesn't run on chrome:// or the Web Store
- Chrome blocks all extensions from running on chrome://, edge://, and the Chrome Web Store for security. Try it on any regular website.
- Nothing happens on a page I just opened
- Content scripts only inject on new page loads after the extension was installed. Refresh the tab once after installing.