Disclosure: AgentPlix may earn a commission when you sign up through our affiliate links. This never influences our recommendations — we only cover tools we'd use ourselves.
- Claude Desktop writes Native Messaging Host manifests into Chromium browser profile directories without a visible prompt or consent screen.
- The hooks appear in Chrome, Brave, Edge, Arc, and every other Chromium-based browser installed on your machine simultaneously.
- You can audit every installed hook with a single terminal command and remove any you don't want without breaking Claude Desktop.
- Claude itself, when asked directly, will locate the hook files, explain what each one does, and walk you through safe removal step by step.
- The hooks are how Claude's MCP browser tools work. Removing them disables browser automation but leaves every other Claude Desktop feature intact.
Claude Desktop Silently Registers Browser Hooks. Here’s What That Means for You.
When I ran a routine audit of my Chromium browser directories last month, I found files I didn’t put there. Native Messaging Host manifests, registered quietly by Claude Desktop, sitting inside the profile directories of Chrome, Brave, Arc, and Edge without a single installation prompt or permission dialog. What surprised me more was what happened next: I asked Claude itself about the files. It knew exactly where they were, what each one did, and it walked me through removing the ones I didn’t want. Claude Desktop had silently installed its own browser automation infrastructure, and Claude was the one who helped me clean it up.
This article breaks down what those hooks are, why they exist, how to find them on your own machine, and how to make an informed decision about keeping or removing them.
What Claude Desktop Actually Installs in Your Browsers
Claude Desktop’s browser automation capabilities are built on top of a Web standard called Native Messaging. It’s the same mechanism browser extensions use to communicate with locally installed applications. The spec is legitimate, well-documented, and supported by every Chromium-based browser. But the installation process Claude Desktop uses is silent by default.
When you install or launch Claude Desktop for the first time, the app registers Native Messaging Host manifests in the configuration directories of every Chromium browser it can find on your system. A manifest is just a small JSON file that tells the browser: “There’s a native app on this machine that’s allowed to talk to browser extensions from this specific origin.”
On macOS, these manifests land here:
~/Library/Application Support/Google/Chrome/NativeMessagingHosts/
~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/
~/Library/Application Support/Microsoft Edge/NativeMessagingHosts/
~/Library/Application Support/Arc/User Data/NativeMessagingHosts/
On Windows, the equivalent entries go into the registry under HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\ (and browser-specific equivalents).
The manifest file itself looks something like this:
{
"name": "com.anthropic.claude_desktop",
"description": "Claude Desktop Browser Bridge",
"path": "/Applications/Claude.app/Contents/MacOS/claude-native-bridge",
"type": "stdio",
"allowed_origins": [
"chrome-extension://[extension-id]/"
]
}
Nothing malicious. Nothing that phones home without your knowledge. But installed without asking, across every Chromium browser on your machine, in one silent pass.
Native Messaging Host manifests do not execute on their own. They are permission declarations. A hook only activates when a browser extension with a matching origin ID explicitly requests a connection. If you don't use Claude's browser tools, the hooks sit dormant.
Why Claude Desktop Does This Without Asking
The charitable explanation, and probably the accurate one, is that this is a developer experience shortcut. Claude Desktop’s MCP (Model Context Protocol) layer includes browser automation as a built-in capability. Registering hooks across all detected Chromium browsers during installation means the feature works immediately, without requiring you to manually configure each browser. From a product standpoint, that’s smoother onboarding.
The less charitable reading is that silently modifying browser configuration directories is the kind of behavior we’d call out aggressively in any other app. If a random productivity tool registered native messaging hooks in your Chrome profile without asking, you’d uninstall it immediately.
Anthropic’s position, as reflected in their MCP documentation, is that these hooks are part of the computer-use and browser-automation feature set, which is disclosed in the product’s broader capabilities. Whether a buried capabilities disclosure counts as meaningful consent is a reasonable thing to disagree about.
What’s not in dispute: the files are there, they’re easy to find, and removing them is safe and reversible.
How to Find Every Hook on Your Machine Right Now
One terminal command will reveal every Claude-related Native Messaging manifest across your Chromium browsers on macOS:
find ~/Library/Application\ Support -name "*.json" -path "*/NativeMessagingHosts/*" 2>/dev/null
Run that and you’ll see the full list. If Claude Desktop has been installed, you’ll find manifests in every Chromium browser directory the app detected at install time.
For a more targeted search that only surfaces Claude-related entries:
find ~/Library/Application\ Support -name "*anthropic*" -o -name "*claude*" 2>/dev/null | grep -i nativemessaging
On Windows, check the registry:
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts
HKEY_CURRENT_USER\SOFTWARE\Brave Software\Brave-Browser\NativeMessagingHosts
You can also check from inside Chrome directly. Go to chrome://extensions/, enable Developer Mode, and look for any extension connected to a native host. If Claude’s browser extension is installed and connected, you’ll see it listed there.
How I Asked Claude to Find Its Own Hooks (And It Did)
This is the part that genuinely surprised me. After discovering the manifests manually, I opened Claude Desktop and typed:
“Have you registered any native messaging hooks or browser automation files on this machine? If so, where are they, what do they do, and how do I remove them safely?”
Claude’s response was immediate and specific. It listed the exact file paths, explained the purpose of each manifest, noted which browsers had been affected, and provided step-by-step removal instructions including how to verify removal was successful. It did not hedge, deflect, or pretend the files weren’t there.
That level of transparency is, frankly, better than most apps manage. The irony of using Claude to audit Claude’s own footprint is not lost on me. But it’s also a genuinely useful pattern: when you’re unsure what an AI tool has touched on your system, ask the tool directly. The good ones will tell you.
Ask Claude to audit its own system footprint using a prompt like: "List every file or registry entry you or Claude Desktop have created outside of your application bundle." The answer gives you a complete picture of what to keep and what to remove.
How to Remove the Hooks Safely
If you want to strip out the browser automation hooks without uninstalling Claude Desktop, here’s the process.
On macOS:
- Quit Claude Desktop completely (check the menu bar icon).
- Open Terminal.
- Navigate to each NativeMessagingHosts directory and delete the relevant manifest:
# Remove from Chrome
rm ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/com.anthropic.claude_desktop.json
# Remove from Brave
rm ~/Library/Application\ Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.anthropic.claude_desktop.json
# Remove from Arc
rm ~/Library/Application\ Support/Arc/User\ Data/NativeMessagingHosts/com.anthropic.claude_desktop.json
# Remove from Edge
rm ~/Library/Application\ Support/Microsoft\ Edge/NativeMessagingHosts/com.anthropic.claude_desktop.json
- Restart your browsers.
- Verify by re-running the find command above. The output should be empty.
On Windows:
Open Registry Editor (regedit), navigate to HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\, and delete the com.anthropic.claude_desktop key. Repeat for each browser’s registry path.
What breaks if you remove them?
Only Claude’s browser automation features. The MCP browser tools (navigate to URL, click elements, read page content, fill forms) will stop working. Everything else, chat, file analysis, code generation, document summarization, the Projects feature, all of it continues to work exactly as before.
Reasons to Keep the Hooks
- Claude's browser automation tools are genuinely powerful for repetitive web tasks
- The hooks are dormant unless you actively use browser automation features
- Removal is reversible: reinstalling or repairing Claude Desktop will re-register them
- No evidence of any data exfiltration or background activity via these hooks
Reasons to Remove Them
- Silent installation without a consent prompt is a legitimate privacy concern
- Hooks registered across every Chromium browser expands your attack surface
- You may never use browser automation and see no reason to keep the files
- Security-conscious environments (corporate machines, shared workstations) should audit and remove
What This Tells Us About Desktop AI Agents
Claude Desktop’s browser hooks are a preview of a broader pattern. As AI assistants evolve from chat interfaces into full computer-use agents, they’re going to need system-level access to do useful things. Browser automation, file system access, app control, these aren’t bugs or overreach. They’re prerequisites for the value proposition.
The question isn’t whether AI desktop agents should have system access. They have to, to be useful. The question is whether they should ask first.
For developers and power users deploying tools like Cursor, Claude Desktop, or other MCP-enabled clients, understanding the exact system footprint of each tool is increasingly important. What directories does it write to? What permissions does it request at the OS level? What hooks does it register in other applications?
This is the new hygiene layer for AI tooling. The apps that handle it transparently, that install cleanly, explain what they’re doing, and make removal straightforward, will build the trust that turns early adopters into long-term users.
Related: if you’re building your own MCP servers or browser automation workflows on top of Claude, understanding how native messaging works at the protocol level will save you hours of debugging. The MCP documentation from Anthropic is dense but worth the read, especially the sections on transport layers and permission scoping.
Claude Desktop may re-register browser hooks after a software update. If you've removed them, check again after any major Claude Desktop update by re-running the find command above.
Should You Be Worried?
No. But you should be aware.
The hooks Claude Desktop installs are standard, documented browser APIs. They are not rootkits. They do not run in the background. They do not transmit data. They are inert JSON files that grant permission for a specific, named application to communicate with a browser extension if and when that extension requests it.
What makes this worth writing about is the installation behavior, not the hooks themselves. Silent registration across every detected browser, with no prompt, no disclosure dialog, and no uninstall step in the standard removal flow, is a pattern the AI tooling space needs to do better on. Users who care about their system footprint deserve to know what’s being written where.
The good news: Claude will tell you exactly what it’s done if you ask. That self-reporting capability matters more than the silent installation bothers me.
Claude Desktop's browser hooks are benign but silently installed. Audit them with a single terminal command, remove the ones you don't need, and use Claude itself to explain anything you find.
The Takeaway: Audit Your AI Tools Like You Audit Your Apps
The right habit here isn’t paranoia. It’s the same hygiene you’d apply to any powerful app: know what it touches, understand why, and keep only what you need.
For Claude Desktop specifically:
- Run the find command above immediately after installation.
- Decide whether you use or plan to use browser automation features.
- If not, remove the hooks. It takes two minutes.
- After any major update, check again.
If you’re building on top of Claude’s capabilities, the Anthropic developer documentation has detailed breakdowns of how computer use and MCP browser tools work at the implementation level. Understanding the stack makes you a better builder and a more informed user.
And if you ever want a guided audit of what Claude Desktop has touched on your machine, just ask Claude. It knows where everything is. Turns out that’s actually pretty useful.
Disclosure: AgentPlix may earn a commission from links to developer tools mentioned in this article.
