Connectors & Browser extension

4 — Nâng caoTrung cấp35 phút

Tim trong tutorial có một khoảnh khắc cảnh báo nghiêm túc khi Cowork đang control Chrome của anh:

Bạn sẽ học được
  • Phân biệt Connector vs Browser use — khi nào dùng cái nào
  • Cài và cấu hình Claude for Chrome extension + granular permissions
  • Setup 5 connector thiết yếu: Gmail, Drive, Calendar, Slack, Notion
  • Cấu hình read-only vs read-write permissions — granular control
  • Kiểm soát website whitelist/blacklist cho browser extension
  • Tránh 5 safety pitfall khi Cowork truy cập external systems

Connector vs Browser — 2 cách Cowork "với tay"

Khi nào dùng Connector

Khi nào dùng Browser

Nguyên tắc vàng

Ưu tiên Connector nếu có. Dùng Browser là fallback.

Tim confirm: "If you're going to be running a lot of these workflows, I highly recommend connecting to the connectors. Spend 30 minutes, connect all the data sources you want. It's typically safer, more secure, faster, and more efficient."

  • Service có sẵn connector (Gmail, Slack, Drive, GitHub, ...)
  • Task cần data structured (read emails, list calendar events)
  • Cần speed (API < 1s, browser load ~3-5s)
  • Cần reliability (chạy 1000 lần không fail vì UI thay đổi)
  • Cần granular permission (read but not delete)
  • Service KHÔNG có connector (Zillow, government forms, niche tools)
  • Task cần visual interaction (scroll to load, click modal)
  • 1-off task không đáng build connector
  • Demo, hoặc research casual
┌───────────────────────────────────────────────────────┐
│                                                       │
│   CONNECTOR                    BROWSER                │
│                                                       │
│   Cowork gọi API              Cowork điều khiển       │
│   của service                 browser thực tế         │
│                                                       │
│   Service: "yes I'll do X"    Click, scroll, type     │
│                                                       │
│   Structured data             Visual/HTML-based       │
│   Fast                        Slow (chờ page load)    │
│   Reliable (API stable)        Brittle (UI changes)   │
│                                                       │
│   Only services with          ANY website             │
│   connector available                                 │
│                                                       │
│   Granular permissions        All-or-nothing per      │
│   per tool                    website                 │
│                                                       │
└───────────────────────────────────────────────────────┘

Phần 1: CONNECTORS

Setup connector

Bước 1: Customize > Connectors > Browse

Danh sách connectors mặc định (sẽ mở rộng theo thời gian):

Và đang mở rộng nhanh. Check Customize > Connectors > Browse thường xuyên.

Bước 2: Chọn connector → OAuth flow

Cowork redirect bạn đến trang login service (Gmail, Slack, etc.) → bạn approve → redirect back.

Bước 3: Configure permissions (BƯỚC QUAN TRỌNG)

Với mỗi connector, bạn có thể:

Tim cực kỳ specific về cách anh setup:

Recommended config cho beginner:

Nguyên tắc: Grant minimum necessary. Sau khi quen, relax từng quyền.

5 connector thiết yếu — Setup priority

1. Gmail — Email automation

Use cases:

Setup:

Skill gợi ý: /email-triage, /customer-email-draft

2. Google Calendar — Scheduling

Use cases:

Setup:

Skill gợi ý: /daily-brief, /meeting-prep

3. Google Drive — Doc collaboration

Use cases:

Setup:

Skill gợi ý: /meeting-notes-to-actions, /document-review

4. Slack — Team communication

Use cases:

Setup:

Skill gợi ý: /weekly-team-update, /slack-digest

5. Notion — Knowledge management

Use cases:

Setup:

Skill gợi ý: /kb-search, /meeting-notes-create

  • Draft emails từ brief
  • Triage inbox (ưu tiên, phân loại)
  • Extract action items từ email threads
  • Reply template cho common questions
  • Connect via OAuth
  • Permissions: Read ✅, Draft ✅, Send ❌ (lúc đầu)
  • Test: "List 10 emails từ last 24h, rank by priority"
  • Check lịch trước meeting
  • Schedule event với người khác
  • Consolidate calendar theo theme
  • Flag conflict
  • Permissions: Read ✅, Create event ✅, Delete ❌
  • Test: "Brief me on today's meetings, highlight prep needed"
  • Đọc docs không cần download
  • Edit existing docs
  • Create new docs từ template
  • Organize folder Drive
  • Permissions: Read ✅, Create ✅, Edit ✅, Delete ❌
  • Scope: restrict folder (Drive OAuth support scope)
  • Test: "Read doc [link] và summarize"
  • Pull conversation từ channel
  • Draft team updates
  • Search messages tìm context
  • Send reminder automation
  • Permissions: Read ✅, Draft message ✅, Post ❌ (initial)
  • Channels: cho access specific channels, không all
  • Test: "Read #marketing last 7 days, summarize discussions"
  • Query knowledge base
  • Create pages từ template
  • Update status/database
  • Extract info từ docs
  • Permissions: Read ✅, Edit ✅, Delete ❌
  • Workspace: cho access 1-2 workspace, không all
  • Test: "Find pages về [topic] trong workspace Y"
ConnectorReadWriteDelete
GmailDraft only (không send)
CalendarCreate event OK
DriveCreate new file OK
SlackDraft message, không post
NotionEdit page OK
CRM
┌────────────────────────────────────────────┐
│  GMAIL Connector Permissions                │
│                                            │
│  ☑ Read emails          (allow)            │
│  ☑ Read email metadata  (allow)            │
│  ☑ Search emails        (allow)            │
│  ☐ Compose draft        (allow)            │
│  ☐ Send email           (block)  ⚠️         │
│  ☐ Delete email         (block)  ⚠️         │
│  ☐ Mark as spam         (block)            │
│                                            │
└────────────────────────────────────────────┘
✉️  Gmail
📅 Google Calendar  
📁 Google Drive
💬 Slack
📝 Notion
🎨 Figma
📊 Microsoft 365 (Outlook, OneDrive, Teams)
🎥 Gamma
🖼️  Miro, Excalidraw
🏢 HubSpot, Salesforce
📋 Monday.com, Asana, Jira
📰 WordPress
💻 GitHub, GitLab
🛒 Shopify
💳 Stripe
📈 Linear
☁️  Dropbox, Box

Phần 2: BROWSER EXTENSION

Cài Claude for Chrome

Tim walkthrough:

Bước 1: Mở Chrome, search "Claude for Chrome" trên Chrome Web Store

Bước 2: Click "Add to Chrome"

Bước 3: Permission prompt — review carefully:

Đây là nhiều permission. Chỉ install nếu bạn trust.

Bước 4: Extension install xong. Icon Claude xuất hiện ở thanh extension.

Bước 5: Trong Cowork: Connectors > Claude for Chrome > Enable

Giờ Cowork có thể control browser.

Cách dùng browser

Tim show 3 cách trigger:

Cách 1: Qua Cowork chat

Cowork:

Cách 2: Qua extension trực tiếp

Click icon Claude trên browser → nhập task. Thực hiện trong tab hiện tại.

Cách 3: Pair với Cowork task

  • "Read and change data on all sites you visit"
  • "Access your tabs and browsing activity"
  • Mở tab mới
  • Navigate đến YouTube
  • Scroll, extract recommendations
  • Report back
Gõ: "Open my browser, go to YouTube, and tell me two of the 
recommended videos on my home screen."

Cách dùng browser

Watching browser work

Tim nhấn mạnh bạn phải xem browser work:

Khi browser mở tab mới và làm task, bạn thấy real-time:

Khi nào nên watch:

Khi nào có thể background:

Whitelist / Blacklist websites

Một trong các config quan trọng nhất của Chrome extension:

Tim: "Remember that if you don't want it to use this, you can block the browser extension or only add specific websites so that it doesn't go rogue and do something that you don't want."

Recommended setup:

Mode 1: Whitelist (safest) — Chỉ cho phép Cowork truy cập sites bạn explicit add. Bắt đầu với 5-10 site bạn biết.

Mode 2: Blacklist with exceptions — Mặc định allow all, block sensitive (banking, shopping with cards, government).

Mode 3: All allowed (risky) — Không recommend trừ khi bạn watch mọi task.

Session data warning

Tim warning quan trọng:

Điều đó có nghĩa Cowork qua browser thấy:

Recommend:

  • Chuột di chuyển, click
  • Text được gõ
  • Scroll
  • New tab mở
  • Lần đầu thử 1 site/task
  • Task có ảnh hưởng transaction (book, buy, send)
  • Site có login/session active
  • Bạn chưa trust Cowork với pattern đó
  • Task đơn giản (search, extract info)
  • Không modify anything (read-only)
  • Bạn đã test pattern 5+ lần
  • Bạn đang sign in tài khoản nào
  • Password manager (nếu auto-fill active)
  • Previous searches, history
  • Cookies, session tokens
  • Browser profile riêng cho Cowork (new Chrome profile)
  • Hoặc incognito mode khi task sensitive
  • Hoặc logout khỏi services sensitive trước khi Cowork chạy
┌─────────────────────────────────────────────────┐
│  Chrome Extension Settings                      │
│                                                 │
│  Allowed sites (whitelist):                    │
│  ✅ youtube.com                                 │
│  ✅ github.com                                  │
│  ✅ docs.google.com                             │
│  ✅ linkedin.com                                │
│                                                 │
│  Blocked sites (blacklist):                    │
│  🚫 mybank.com                                  │
│  🚫 amazon.com                    (prevent buy)│
│  🚫 emirates.com                  (prevent book)│
│  🚫 *.gov                         (sensitive)  │
│                                                 │
│  [ Mode: whitelist only ▼ ]                     │
│                                                 │
└─────────────────────────────────────────────────┘
Task trong Cowork: "Search Google Flights Miami → Dubai, 
compile report."

Cowork auto-trigger Chrome extension, perform task, return 
to Cowork chat.

Comparison: Task dùng Connector vs Browser

Cùng 1 task — "Gửi reminder email cho 10 người chưa reply" — 2 cách:

Qua Connector (Gmail)

Qua Browser

Brief: "Read emails in folder Marketing-Campaign from last 14 days. 
Identify senders who haven't replied to [thread]. Draft reminder email 
to each."

Cowork:
1. Gmail API call: list emails in label "Marketing-Campaign" (1s)
2. Filter thread participants (0.5s)
3. Cross-reference reply status (2s)
4. Draft 10 emails (5s)
5. Save drafts in Gmail (3s)

Total: ~15s
Reliability: 99%+

Qua Browser

Gap: 10x slower, 5x more usage, 20% less reliable.

Rule: Connector nếu available. Browser fallback.

Brief: "Open Gmail in browser, find label Marketing-Campaign, 
identify unreplied threads, draft reminder for each."

Cowork:
1. Open Chrome, navigate to gmail.com (5s)
2. Login check (if needed) (0-10s)
3. Click label Marketing-Campaign (2s)
4. Scroll, click each thread (30s for 20 threads)
5. Parse participants (extract from UI) (10s)
6. Click compose 10 times, type email, save draft (60s)

Total: ~2-3 minutes
Reliability: 80% (UI can change)
Usage: 5-10x higher (more operations)

5 safety pitfalls với Connectors & Browser

Pitfall 1: "I gave it full access, what could go wrong?"

Problem: Grant write+delete permission cho Gmail → Cowork có thể delete emails (không intentional, nhưng possible bug).

Fix: Default read-only. Grant write granular và explicit.

Pitfall 2: Browser session signed in to banking/shopping

Problem: Cowork dispatched task "book cheapest flight" → Emirates site có card saved → charge $1,500.

Fix:

Pitfall 3: Scheduled task rogue

Problem: Daily scheduled task "auto-reply to customer emails" — hoạt động tốt 2 tuần — rồi 1 ngày Cowork reply weird response cho 50 khách hàng.

Fix:

Pitfall 4: Chrome extension "read all sites" permission

Problem: Extension có access tất cả tabs → Cowork có thể đọc anything bạn visit.

Fix:

Pitfall 5: Connector OAuth scope quá rộng

Problem: Connect Google Drive với "all files access" → Cowork đọc files nhạy cảm không liên quan.

Fix:

  • Logout khỏi sensitive sites trước session Cowork
  • Dùng Chrome profile riêng cho Cowork
  • Whitelist mode — block tất cả financial/shopping sites
  • Scheduled task với Draft only, KHÔNG auto-send
  • Weekly review scheduled output
  • Alert khi output volume > threshold
  • Chỉ enable extension khi đang dùng Cowork
  • Disable khi banking, sensitive browsing
  • Review extension permissions mỗi update
  • Khi OAuth, chọn folder specific hoặc shared drives specific
  • Revoke và re-grant narrower nếu cần
  • Review Google Security settings định kỳ

Best practices — Workflow an toàn

Workflow 1: "New service" protocol

Khi thêm connector hoặc enable browser cho site mới:

Workflow 2: "Sensitive session" protocol

Khi làm task nhạy cảm (finance close, legal review, HR):

Workflow 3: "Scheduled task" protocol

Khi setup scheduled task:

  • ☐ Read permission list carefully
  • ☐ Start với read-only
  • ☐ Test với task benign (list, summarize, không write)
  • ☐ Sau 5 task thành công, consider granting write
  • ☐ Never grant delete cho critical services (production DB, payments)
  • ☐ Dedicated Project với isolated folder
  • ☐ Minimal connectors active (disable irrelevant ones)
  • ☐ Browser extension disabled hoặc whitelist strict
  • ☐ Review output thoroughly before action
  • ☐ Log actions trong audit file
  • ☐ Run manual 3+ times successfully
  • ☐ Draft-only output (no auto-send/post/commit)
  • ☐ Log output to audit folder
  • ☐ Alert khi output lớn/unusual
  • ☐ Weekly review first 4 weeks

Bảng decision — Connector hay Browser?

ScenarioDùngLý do
Gmail triage hàng ngàyConnectorSpeed, reliability
Check Zillow tìm nhàBrowserKhông có connector
Slack team updateConnectorStructured, granular
Cancel Netflix subscriptionBrowserKhông có connector
Extract data từ 50 invoice PDF (Drive)ConnectorBatch, fast
Research competitor websiteBrowserVisual scan needed
CRM update deal statusConnector (HubSpot/Salesforce)Reliability
Book flight trên EmiratesBrowser (nhưng careful!)Không có connector
Edit Notion pageConnectorCleaner API
Fill form chính phủBrowserUnique each
Post GitHub PRConnectorStructured
Scrape data từ news siteBrowserUnique structure

Ví dụ theo ngành

💼 Sales — Connector-heavy setup

Active connectors:

Browser: chỉ cho competitor research

Why: Sales work với dữ liệu structured → connectors optimal.

📊 Research/Analyst — Mix

Active connectors:

Browser: research web, SEC filings, news sites

Why: Research needs both structured data + web discovery.

💰 Finance — Connector strict

Active connectors:

Browser: Disabled hoàn toàn or whitelist 3-5 sites

Why: Financial data sensitive, Minimum attack surface.

👥 HR — Very strict

Active connectors:

Browser: Disabled

Why: PII/employee data nhạy cảm, compliance.

  • Salesforce / HubSpot (CRM) — full read, limited write
  • Gmail — draft only
  • Slack — draft only
  • Calendar — create event OK
  • LinkedIn (if available) — read only
  • Google Drive — full (docs, analysis files)
  • Gmail — read only
  • Notion — full (knowledge base)
  • Drive — read/edit, specific finance folder
  • Email — read only
  • HRIS (if connector) — read only
  • Drive — specific HR folder

Anti-patterns

❌ Enable all connectors at once

Vấn đề: 10 connector với full permission — surface attack lớn, hard to audit.

Fix: Enable 1-2 connector per week. Review uses. Expand gradually.

❌ Browser extension "always on"

Vấn đề: Extension theo dõi mọi browsing → privacy + risk.

Fix: Disable extension khi không actively use Cowork. Enable on-demand.

❌ Grant Send/Delete ngay từ đầu

Vấn đề: 1 bug Cowork → email gửi nhầm 100 khách, file delete mất.

Fix: Default Draft-only, Read-only. Grant write after 20+ successful tasks.

❌ Cho Cowork access credit card sites

Vấn đề: Session active → Cowork charge không intentional.

Fix: Logout. Dùng Chrome profile riêng. Whitelist strict.

❌ Skip review connector permissions

Vấn đề: Connector update scope → quyền mới không được review → leak.

Fix: Review connector permissions monthly. Revoke not used.

❌ Trust browser output 100%

Vấn đề: UI change → Cowork extract wrong data → decision lệch.

Fix: Cross-verify critical data qua 2 source (browser + connector, hoặc browser + file).

Mẹo nâng cao

Mẹo 1: Separate Chrome profile cho Cowork

Chrome hỗ trợ multiple profiles. Tạo profile "Cowork":

Dùng profile này khi Cowork cần browser. Profile default (personal) an toàn hơn.

Mẹo 2: Revoke connector không dùng

Every 3 tháng:

Mẹo 3: Audit log scheduled tasks

Mỗi scheduled task nên log output:

Weekly scan audit log → spot anomaly.

Mẹo 4: Test connector change isolated

Khi update permissions connector → test trong Project Sandbox trước, không production.

Mẹo 5: Document connector setup

File /Cowork-Setup/connectors.md:

Future-you sẽ cảm ơn past-you.

  • Không login banking
  • Không save credit card
  • Chỉ login service cần cho work
  • Extension Claude installed
  • Check Cowork > Customize > Connectors
  • Connector nào không dùng 30 ngày → revoke
  • Reduce attack surface
/scheduled-logs/
├── daily-brief/
│   ├── 2026-04-01.md
│   ├── 2026-04-02.md
│   └── ...
└── master-log.md (1-line per task run)
# Connector setup log

## Gmail
- Connected: 2026-01-15
- Permissions: Read ✅, Draft ✅, Send ❌, Delete ❌
- Scope: all folders
- Reviewed: 2026-04-01

## Slack
- Connected: 2026-01-20
- Permissions: Read ✅, Draft ✅, Post ❌
- Scope: 3 channels (#team, #ops, #alerts)
- Reviewed: 2026-04-01

...

Áp dụng ngay

Bài tập 1: Setup 3 connector thiết yếu (~15 phút)

Pick 3 connector từ danh sách priority:

Test mỗi connector với 1 task read-only:

Bài tập 2: Cài Chrome extension + whitelist (~10 phút)

Ghi:

Bài tập 3: Audit permission hiện tại (~10 phút)

Review toàn bộ connectors:

Action items:

  • ___ (setup read-only trước)
  • ___ (setup read-only + draft)
  • ___ (setup read-only)
  • Connector 1: "[Test task]" → Output quality: ___/10
  • Connector 2: "[Test task]" → ___
  • Connector 3: "[Test task]" → ___
  • Cài Claude for Chrome
  • Review permissions khi install
  • Settings > whitelist 5 site bạn dùng nhiều (GitHub, docs.google.com, Notion, LinkedIn, YouTube)
  • Test với task simple: "Go to Wikipedia, extract 3 facts about Anthropic"
  • Extension có hoạt động như expected? ___/Yes/No
  • Bạn có watch Cowork làm việc? ___/Yes/No
  • Mode sử dụng: ___ (whitelist / blacklist / all)
  • Connector nào cần revoke? ___
  • Permission nào cần reduce? ___
  • Connector nào cần add? ___
ConnectorReadDraftWriteDeleteCần review?
__________________
__________________
__________________

Tóm tắt bài học

🎯 Connector = API, Browser = UI. Connector preferred: faster, more reliable, granular permission. Browser fallback cho service không có connector.

🎯 Default read-only + draft. Write/send/delete chỉ khi cần và đã test kỹ.

🎯 5 connector thiết yếu: Gmail, Calendar, Drive, Slack, Notion. Setup trong 30 phút.

🎯 Chrome extension = access toàn browser. Whitelist mode safest. Separate Chrome profile recommended.

🎯 Watch browser use carefully. Tim: "It can sometimes go rogue." Khác với connector — browser error visible, bạn can stop.

🎯 Audit permissions quarterly. Revoke unused. Log connector setup changes.

🎯 Scheduled task + external action = risk compound. Always Draft-only for scheduled outputs. Review weekly.

Tài liệu tham khảo
  • Tutorial Tech With Tim — Chrome extension + Connectors (10:25-11:30, 22:34-24:00)
  • Webinar Cowork — Boris về connectors (phần demo + safety)
  • Anthropic: "Connect Claude to Microsoft 365" — 16/10/2025
  • Anthropic: "Let Claude Handle Work in Your Browser" — 18/12/2025
  • Anthropic Security: anthropic.com/security
Nội dung này có hữu ích không?