In the tutorial, Tim has a moment of serious warning while Cowork is controlling his Chrome:
- Distinguish Connector vs Browser use: when to use which
- Install and configure the Claude for Chrome extension + granular permissions
- Set up the 5 essential connectors: Gmail, Drive, Calendar, Slack, Notion
- Configure read-only vs read-write permissions (granular control)
- Control the website whitelist/blacklist for the browser extension
- Avoid 5 safety pitfalls when Cowork accesses external systems
Connector vs Browser: 2 ways Cowork "reaches out"

| Connector | Browser |
|---|---|
| Cowork calls the service's API | Cowork controls a real browser |
| Service: "yes I'll do X" | Click, scroll, type |
| Structured data | Visual/HTML-based |
| Fast | Slow (waits for page load) |
| Reliable (API stable) | Brittle (UI changes) |
| Only services with connector available | ANY website |
| Granular permissions per tool | All-or-nothing per website |

When to use a Connector
- The service already has a connector (Gmail, Slack, Drive, GitHub, ...)
- The task needs structured data (read emails, list calendar events)
- You need speed (API < 1s, browser load ~3-5s)
- You need reliability (runs 1000 times without failing because the UI changed)
- You need granular permission (read but not delete)
When to use the Browser
- The service has NO connector (Zillow, government forms, niche tools)
- The task needs visual interaction (scroll to load, click modal)
- A one-off task that is not worth building a connector for
- Demo, or casual research
The golden rule
Prefer a Connector if one exists. Use the Browser as a fallback.
Tim confirms: "If you're going to be running a lot of these workflows, I highly recommend connecting to the connectors. Spend 30 minutes, connect all the data sources you want. It's typically safer, more secure, faster, and more efficient."
Part 1: CONNECTORS
Set up a connector
Step 1: Customize > Connectors > Browse
Default connector list (will expand over time):
```
✉️ Gmail
📅 Google Calendar
📁 Google Drive
💬 Slack
📝 Notion
🎨 Figma
📊 Microsoft 365 (Outlook, OneDrive, Teams)
🎥 Gamma
🖼️ Miro, Excalidraw
🏢 HubSpot, Salesforce
📋 Monday.com, Asana, Jira
📰 WordPress
💻 GitHub, GitLab
🛒 Shopify
💳 Stripe
📈 Linear
☁️ Dropbox, Box
```
And it is expanding quickly. Check Customize > Connectors > Browse regularly.
Step 2: Choose a connector → OAuth flow
Cowork redirects you to the service's login page (Gmail, Slack, etc.) → you approve → you are redirected back.
Step 3: Configure permissions (THE IMPORTANT STEP)
For each connector, you can:
```
GMAIL Connector Permissions

☑ Read emails          (allow)
☑ Read email metadata  (allow)
☑ Search emails        (allow)
☐ Compose draft        (allow)
☐ Send email           (block) ⚠️
☐ Delete email         (block) ⚠️
☐ Mark as spam         (block)
```
Tim is extremely specific about how he sets this up:
Recommended config for beginners:

| Connector | Read | Write | Delete |
|---|---|---|---|
| Gmail | ✅ | Draft only (no send) | ❌ |
| Calendar | ✅ | Create event OK | ❌ |
| Drive | ✅ | Create new file OK | ❌ |
| Slack | ✅ | Draft message, no post | ❌ |
| Notion | ✅ | Edit page OK | ❌ |
| CRM | ✅ | ❌ | ❌ |

Principle: Grant the minimum necessary. Once you are comfortable, relax permissions one at a time.

5 essential connectors: setup priority
1. Gmail: email automation
Use cases:
- Draft emails from a brief
- Triage the inbox (prioritize, categorize)
- Extract action items from email threads
- Reply templates for common questions
Setup:
- Connect via OAuth
- Permissions: Read ✅, Draft ✅, Send ❌ (at first)
- Test: "List 10 emails from last 24h, rank by priority"
Suggested skills: /email-triage, /customer-email-draft
2. Google Calendar: scheduling
Use cases:
- Check the calendar before a meeting
- Schedule events with other people
- Consolidate the calendar by theme
- Flag conflicts
Setup:
- Permissions: Read ✅, Create event ✅, Delete ❌
- Test: "Brief me on today's meetings, highlight prep needed"
Suggested skills: /daily-brief, /meeting-prep
3. Google Drive: doc collaboration
Use cases:
- Read docs without downloading
- Edit existing docs
- Create new docs from a template
- Organize Drive folders
Setup:
- Permissions: Read ✅, Create ✅, Edit ✅, Delete ❌
- Scope: restrict to a folder (Drive OAuth supports scope)
- Test: "Read doc [link] and summarize"
Suggested skills: /meeting-notes-to-actions, /document-review
4. Slack: team communication
Use cases:
- Pull conversations from a channel
- Draft team updates
- Search messages for context
- Send reminder automation
Setup:
- Permissions: Read ✅, Draft message ✅, Post ❌ (initial)
- Channels: grant access to specific channels, not all
- Test: "Read #marketing last 7 days, summarize discussions"
Suggested skills: /weekly-team-update, /slack-digest
5. Notion: knowledge management
Use cases:
- Query the knowledge base
- Create pages from a template
- Update status/database
- Extract info from docs
Setup:
- Permissions: Read ✅, Edit ✅, Delete ❌
- Workspace: grant access to 1-2 workspaces, not all
- Test: "Find pages about [topic] in workspace Y"
Suggested skills: /kb-search, /meeting-notes-create

Part 2: BROWSER EXTENSION
Install Claude for Chrome
Tim's walkthrough:
Step 1: Open Chrome, search for "Claude for Chrome" on the Chrome Web Store
Step 2: Click "Add to Chrome"
Step 3: Permission prompt. Review carefully:
- "Read and change data on all sites you visit"
- "Access your tabs and browsing activity"
That is a lot of permission. Only install if you trust it.
Step 4: The extension finishes installing. The Claude icon appears in the extension bar.
Step 5: In Cowork: Connectors > Claude for Chrome > Enable
Now Cowork can control the browser.

How to use the browser
Tim shows 3 ways to trigger it:
Way 1: Via Cowork chat
```
Type: "Open my browser, go to YouTube, and tell me two of the
recommended videos on my home screen."
```
Cowork:
- Opens a new tab
- Navigates to YouTube
- Scrolls, extracts recommendations
- Reports back
Way 2: Directly via the extension
Click the Claude icon in the browser → enter the task. It runs in the current tab.
Way 3: Paired with a Cowork task
```
Task in Cowork: "Search Google Flights Miami → Dubai,
compile report."
Cowork auto-triggers the Chrome extension, performs the task, returns
to Cowork chat.
```

Watching browser work
Tim emphasizes that you must watch the browser work:
When the browser opens a new tab and does the task, you see in real time:
- The mouse moving and clicking
- Text being typed
- Scrolling
- New tabs opening
When you should watch:
- The first time you try a site/task
- The task affects a transaction (book, buy, send)
- The site has an active login/session
- You do not yet trust Cowork with that pattern
When it can run in the background:
- Simple task (search, extract info)
- Does not modify anything (read-only)
- You have tested the pattern 5+ times

Whitelist / Blacklist websites
One of the most important configs of the Chrome extension:
```
Chrome Extension Settings

Allowed sites (whitelist):
  ✅ youtube.com
  ✅ github.com
  ✅ docs.google.com
  ✅ linkedin.com

Blocked sites (blacklist):
  🚫 mybank.com
  🚫 amazon.com   (prevent buy)
  🚫 emirates.com (prevent book)
  🚫 *.gov        (sensitive)

[ Mode: whitelist only ▼ ]
```
Tim: "Remember that if you don't want it to use this, you can block the browser extension or only add specific websites so that it doesn't go rogue and do something that you don't want."
Recommended setup:
Mode 1: Whitelist (safest). Cowork may only access sites you explicitly add. Start with 5-10 sites you know.
Mode 2: Blacklist with exceptions. Allow all by default, block sensitive sites (banking, shopping with cards, government).
Mode 3: All allowed (risky). Not recommended unless you watch every task.

Session data warning
Tim's important warning:
That means Cowork, through the browser, sees:
- Which accounts you are signed in to
- The password manager (if auto-fill is active)
- Previous searches, history
- Cookies, session tokens
Recommended:
- A separate browser profile for Cowork (new Chrome profile)
- Or incognito mode for sensitive tasks
- Or log out of sensitive services before Cowork runs

Comparison: a task using Connector vs Browser
The same task, "Send a reminder email to 10 people who haven't replied", done 2 ways:
Via Connector (Gmail)
```
Brief: "Read emails in folder Marketing-Campaign from last 14 days.
Identify senders who haven't replied to [thread]. Draft reminder email
to each."
Cowork:
1. Gmail API call: list emails in label "Marketing-Campaign" (1s)
2. Filter thread participants (0.5s)
3. Cross-reference reply status (2s)
4. Draft 10 emails (5s)
5. Save drafts in Gmail (3s)
Total: ~15s
Reliability: 99%+
```
Via Browser
```
Brief: "Open Gmail in browser, find label Marketing-Campaign,
identify unreplied threads, draft reminder for each."
Cowork:
1. Open Chrome, navigate to gmail.com (5s)
2. Login check (if needed) (0-10s)
3. Click label Marketing-Campaign (2s)
4. Scroll, click each thread (30s for 20 threads)
5. Parse participants (extract from UI) (10s)
6. Click compose 10 times, type email, save draft (60s)
Total: ~2-3 minutes
Reliability: 80% (UI can change)
Usage: 5-10x higher (more operations)
```
Gap: 10x slower, 5x more usage, 20% less reliable.
Rule: Connector if available. Browser as fallback.

5 safety pitfalls with Connectors & Browser
Pitfall 1: "I gave it full access, what could go wrong?"
Problem: Granting write+delete permission on Gmail → Cowork can delete emails (not intentionally, but possible through a bug).
Fix: Default to read-only. Grant write granularly and explicitly.
Pitfall 2: Browser session signed in to banking/shopping
Problem: Cowork is dispatched the task "book cheapest flight" → the Emirates site has a saved card → a $1,500 charge.
Fix:
- Log out of sensitive sites before a Cowork session
- Use a separate Chrome profile for Cowork
- Whitelist mode: block all financial/shopping sites
Pitfall 3: Scheduled task goes rogue
Problem: A daily scheduled task "auto-reply to customer emails" works well for 2 weeks, then one day Cowork sends a weird response to 50 customers.
Fix:
- Scheduled tasks with Draft only, NO auto-send
- Weekly review of scheduled output
- Alert when output volume > threshold
Pitfall 4: Chrome extension "read all sites" permission
Problem: The extension has access to all tabs → Cowork can read anything you visit.
Fix:
- Only enable the extension while you are using Cowork
- Disable it during banking and sensitive browsing
- Review extension permissions on every update
Pitfall 5: Connector OAuth scope too broad
Problem: Connecting Google Drive with "all files access" → Cowork reads unrelated sensitive files.
Fix:
- During OAuth, choose specific folders or specific shared drives
- Revoke and re-grant narrower access if needed
- Review Google Security settings periodically
Best practices: safe workflows
Workflow 1: "New service" protocol
When adding a connector or enabling the browser for a new site:
- ☐ Read the permission list carefully
- ☐ Start with read-only
- ☐ Test with a benign task (list, summarize, no write)
- ☐ After 5 successful tasks, consider granting write
- ☐ Never grant delete for critical services (production DB, payments)
Workflow 2: "Sensitive session" protocol
When doing a sensitive task (finance close, legal review, HR):
- ☐ Dedicated Project with an isolated folder
- ☐ Minimal connectors active (disable irrelevant ones)
- ☐ Browser extension disabled or strict whitelist
- ☐ Review output thoroughly before action
- ☐ Log actions in an audit file
Workflow 3: "Scheduled task" protocol
When setting up a scheduled task:
- ☐ Run manually 3+ times successfully
- ☐ Draft-only output (no auto-send/post/commit)
- ☐ Log output to an audit folder
- ☐ Alert when output is large/unusual
- ☐ Weekly review for the first 4 weeks
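The "alert when output is large/unusual" and draft-only items above can be checked mechanically against a one-line-per-run log such as the master-log.md this page suggests. This is an added example, not code from the tutorial or from Cowork; the log line layout, the counter names `drafts`/`sent` and both thresholds are assumptions made for illustration.

```python
from statistics import median

# Constructed master-log.md lines. The page only says "1-line per task run";
# the "date | task | drafts=N | sent=N" layout is an assumption of this example.
SAMPLE_LOG = """\
2026-04-01 | auto-reply | drafts=4 | sent=0
2026-04-02 | auto-reply | drafts=6 | sent=0
2026-04-03 | auto-reply | drafts=5 | sent=0
2026-04-04 | daily-brief | drafts=1 | sent=0
2026-04-04 | auto-reply | drafts=50 | sent=50
"""

VOLUME_FACTOR = 3  # assumption: alert above 3x the task's median so far
MIN_HISTORY = 3    # runs required before the volume check applies


def parse_line(line):
    """Split one log line into (date, task, {counter: int})."""
    day, task, *fields = [part.strip() for part in line.split("|")]
    counts = {key: int(value) for key, value in (f.split("=") for f in fields)}
    return day, task, counts


def scan(log_text):
    """Return (date, task, reason) alerts for the weekly review."""
    history, alerts = {}, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            day, task, counts = parse_line(line)
        except ValueError:
            # A line that cannot be parsed is itself worth a human look.
            alerts.append(("?", "?", "unparseable line: " + line))
            continue
        sent = counts.get("sent", 0)
        if sent > 0:  # the page's rule: scheduled tasks stay draft-only
            alerts.append((day, task, "sent=%d under draft-only policy" % sent))
        past = history.setdefault(task, [])
        volume = counts.get("drafts", 0)
        if len(past) >= MIN_HISTORY and volume > VOLUME_FACTOR * median(past):
            alerts.append((day, task, "volume %d vs median %g" % (volume, median(past))))
        past.append(volume)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(" | ".join(alert))
```

The per-task median is used as the baseline so that a quiet task such as `daily-brief` is not compared against a busy one.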
Decision table: Connector or Browser?

| Scenario | Use | Reason |
|---|---|---|
| Daily Gmail triage | Connector | Speed, reliability |
| Check Zillow to find a house | Browser | No connector |
| Slack team update | Connector | Structured, granular |
| Cancel Netflix subscription | Browser | No connector |
| Extract data from 50 invoice PDFs (Drive) | Connector | Batch, fast |
| Research competitor website | Browser | Visual scan needed |
| CRM update deal status | Connector (HubSpot/Salesforce) | Reliability |
| Book a flight on Emirates | Browser (but careful!) | No connector |
| Edit Notion page | Connector | Cleaner API |
| Fill in a government form | Browser | Unique each |
| Post GitHub PR | Connector | Structured |
| Scrape data from a news site | Browser | Unique structure |
Examples by industry
💼 Sales: connector-heavy setup
Active connectors:
- Salesforce / HubSpot (CRM): full read, limited write
- Gmail: draft only
- Slack: draft only
- Calendar: create event OK
- LinkedIn (if available): read only
Browser: only for competitor research
Why: Sales works with structured data → connectors are optimal.
📊 Research/Analyst: mix
Active connectors:
- Google Drive: full (docs, analysis files)
- Gmail: read only
- Notion: full (knowledge base)
Browser: web research, SEC filings, news sites
Why: Research needs both structured data + web discovery.
💰 Finance: strict connectors
Active connectors:
- Drive: read/edit, specific finance folder
- Email: read only
Browser: Completely disabled, or whitelist 3-5 sites
Why: Financial data is sensitive; minimum attack surface.
👥 HR: very strict
Active connectors:
- HRIS (if connector): read only
- Drive: specific HR folder
Browser: Disabled
Why: PII/employee data is sensitive, compliance.
Anti-patterns
❌ Enable all connectors at once
Problem: 10 connectors with full permission means a large attack surface that is hard to audit.
Fix: Enable 1-2 connectors per week. Review usage. Expand gradually.
❌ Browser extension "always on"
Problem: The extension follows all browsing → privacy + risk.
Fix: Disable the extension when not actively using Cowork. Enable on demand.
❌ Grant Send/Delete from the start
Problem: 1 Cowork bug → email sent by mistake to 100 customers, files deleted and lost.
Fix: Default Draft-only, Read-only. Grant write after 20+ successful tasks.
❌ Give Cowork access to credit card sites
Problem: Session active → Cowork makes an unintentional charge.
Fix: Log out. Use a separate Chrome profile. Strict whitelist.
❌ Skip reviewing connector permissions
Problem: A connector updates its scope → the new permissions go unreviewed → leak.
Fix: Review connector permissions monthly. Revoke unused ones.
❌ Trust browser output 100%
Problem: UI change → Cowork extracts wrong data → skewed decisions.
Fix: Cross-verify critical data via 2 sources (browser + connector, or browser + file).
Advanced tips
Tip 1: Separate Chrome profile for Cowork
Chrome supports multiple profiles. Create a "Cowork" profile:
- No banking logins
- No saved credit cards
- Log in only to the services needed for work
- Claude extension installed
Use this profile when Cowork needs a browser. The default (personal) profile stays safer.
Tip 2: Revoke unused connectors
Every 3 months:
- Check Cowork > Customize > Connectors
- Any connector not used for 30 days → revoke
- Reduce attack surface
Tip 3: Audit log for scheduled tasks
Every scheduled task should log its output:
```
/scheduled-logs/
├── daily-brief/
│   ├── 2026-04-01.md
│   ├── 2026-04-02.md
│   └── ...
└── master-log.md (1-line per task run)
```
Scan the audit log weekly → spot anomalies.
Tip 4: Test connector changes in isolation
When updating connector permissions → test in a Sandbox Project first, not in production.
Tip 5: Document the connector setup
File /Cowork-Setup/connectors.md:
```
# Connector setup log
## Gmail
- Connected: 2026-01-15
- Permissions: Read ✅, Draft ✅, Send ❌, Delete ❌
- Scope: all folders
- Reviewed: 2026-04-01
## Slack
- Connected: 2026-01-20
- Permissions: Read ✅, Draft ✅, Post ❌
- Scope: 3 channels (#team, #ops, #alerts)
- Reviewed: 2026-04-01
...
```
Future-you will thank past-you.

Apply it now
Exercise 1: Set up 3 essential connectors (~15 minutes)
Pick 3 connectors from the priority list:
- ___ (set up read-only first)
- ___ (set up read-only + draft)
- ___ (set up read-only)
Test each connector with 1 read-only task:
- Connector 1: "[Test task]" → Output quality: ___/10
- Connector 2: "[Test task]" → ___
- Connector 3: "[Test task]" → ___
Exercise 2: Install the Chrome extension + whitelist (~10 minutes)
- Install Claude for Chrome
- Review permissions when installing
- Settings > whitelist 5 sites you use a lot (GitHub, docs.google.com, Notion, LinkedIn, YouTube)
- Test with a simple task: "Go to Wikipedia, extract 3 facts about Anthropic"
Record:
- Does the extension work as expected? ___/Yes/No
- Did you watch Cowork work? ___/Yes/No
- Mode used: ___ (whitelist / blacklist / all)
Exercise 3: Audit current permissions (~10 minutes)
Review all connectors:

| Connector | Read | Draft | Write | Delete | Needs review? |
|---|---|---|---|---|---|
| ___ | ___ | ___ | ___ | ___ | ___ |
| ___ | ___ | ___ | ___ | ___ | ___ |
| ___ | ___ | ___ | ___ | ___ | ___ |

Action items:
- Which connectors need revoking? ___
- Which permissions need reducing? ___
- Which connectors need adding? ___
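The permission audit in Exercise 3 can be run against the /Cowork-Setup/connectors.md log from Tip 5 instead of filling the table by hand. This is an added example, not part of the original tutorial or of Cowork: the parser assumes the log keeps exactly the layout shown on this page, and the 90-day review limit and the choice of Send/Post/Delete as "risky" are assumptions taken from the page's quarterly-audit and draft-only advice.

```python
from datetime import date

# Constructed sample in the page's connectors.md layout (Slack entry altered).
SAMPLE = """\
# Connector setup log
## Gmail
- Connected: 2026-01-15
- Permissions: Read ✅, Draft ✅, Send ❌, Delete ❌
- Scope: all folders
- Reviewed: 2026-04-01
## Slack
- Connected: 2026-01-20
- Permissions: Read ✅, Draft ✅, Post ✅
- Scope: 3 channels (#team, #ops, #alerts)
- Reviewed: 2025-12-01
"""

RISKY = {"send", "post", "delete"}  # actions the page keeps blocked by default
MAX_REVIEW_AGE_DAYS = 90            # assumption: the quarterly audit cadence

def parse_log(text):
    """Return {connector name: {field: value}} from the markdown log."""
    connectors, current = {}, None
    for line in text.splitlines():
        if line.startswith("## "):
            current = connectors.setdefault(line[3:].strip(), {})
        elif current is not None and line.startswith("- ") and ":" in line:
            key, _, value = line[2:].partition(":")
            current[key.strip().lower()] = value.strip()
    return connectors

def granted(permissions):
    """'Read ✅, Send ❌' -> {'read'}: names marked with a check mark."""
    pairs = (item.strip().rpartition(" ") for item in permissions.split(","))
    return {name.lower() for name, _, mark in pairs if mark == "✅"}

def audit(text, today):
    """List (connector, issue) pairs that need a human review."""
    findings = []
    for name, fields in parse_log(text).items():
        risky = sorted(granted(fields.get("permissions", "")) & RISKY)
        if risky:
            findings.append((name, "risky permission granted: " + ", ".join(risky)))
        if fields.get("scope", "").lower().startswith("all"):
            findings.append((name, "scope not restricted: " + fields["scope"]))
        reviewed = fields.get("reviewed")
        if reviewed is None:
            findings.append((name, "no review date recorded"))
        elif (today - date.fromisoformat(reviewed)).days > MAX_REVIEW_AGE_DAYS:
            findings.append((name, "review older than %d days" % MAX_REVIEW_AGE_DAYS))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, date(2026, 4, 15)), sep="\n")
```

Each finding maps onto one of the exercise's action items: a risky grant is a permission to reduce, an unrestricted scope is one to narrow, and a stale or missing review date marks a connector to re-check or revoke.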
Lesson summary
🎯 Connector = API, Browser = UI. Connector preferred: faster, more reliable, granular permission. Browser is the fallback for services without a connector.
🎯 Default to read-only + draft. Write/send/delete only when needed and thoroughly tested.
🎯 5 essential connectors: Gmail, Calendar, Drive, Slack, Notion. Set up in 30 minutes.
🎯 Chrome extension = access to the whole browser. Whitelist mode is safest. A separate Chrome profile is recommended.
🎯 Watch browser use carefully. Tim: "It can sometimes go rogue." Unlike a connector, a browser error is visible and you can stop it.
🎯 Audit permissions quarterly. Revoke unused. Log connector setup changes.
🎯 Scheduled task + external action = compounded risk. Always Draft-only for scheduled outputs. Review weekly.
- Tech With Tim tutorial: Chrome extension + Connectors (10:25-11:30, 22:34-24:00)
- Cowork webinar: Boris on connectors (demo + safety part)
- Anthropic: "Connect Claude to Microsoft 365", 16/10/2025
- Anthropic: "Let Claude Handle Work in Your Browser", 18/12/2025
- Anthropic Security: anthropic.com/security