uncloseai.
Browser Toys - Machine Learning on Every Page
Browser Toys
Browser extensions that add the uncloseai. floating button to every web page you visit. Lightweight wrappers around uncloseai.js — no server, no backend, no accounts. The extension injects the script tag, and everything else runs client-side in your browser.
Available Extensions
Chrome / Edge / Brave / Vivaldi / Arc
Manifest V3 extension for all Chromium-based browsers.
- Download and unzip
uncloseai-browser-toy-chrome.zip - Verify the download (see checksums below)
- Open
chrome://extensionsand enable Developer mode (toggle in top right) - Click Load unpacked and select the unzipped folder
- The uncloseai. button appears on every page you visit
Firefox
Manifest V2 extension for Firefox 109+ and Firefox-based browsers (LibreWolf, Waterfox).
- Download
uncloseai-browser-toy-firefox.zip - Verify the download (see checksums below)
- Open
about:debugging#/runtime/this-firefox - Click Load Temporary Add-on and select the downloaded zip file
- The uncloseai. button appears on every page you visit
Safari
Safari Web Extension for macOS and iOS. Requires Xcode conversion.
Download Safari source (~10 KB)
- Download and unzip
uncloseai-browser-toy-safari.zip - Verify the download (see checksums below)
- Convert to Xcode project:
xcrun safari-web-extension-converter /path/to/unzipped-folder \ --project-location ./safari-xcode \ --app-name "uncloseai" \ --bundle-identifier com.uncloseai.browser-toy \ --no-open - Open
safari-xcode/uncloseai.xcodeproj, set your signing team, build (Cmd+R) - Enable in Safari Settings > Extensions
Verify your download
Always verify downloads before installing. Checksum files are generated by the build and published alongside the zips.
# Download checksums and verify all zips at once
curl -sO https://uncloseai.com/downloads/SHA256SUMS
sha256sum -c SHA256SUMS
# Or verify a single file
curl -s https://uncloseai.com/downloads/SHA256SUMS | grep chrome | sha256sum -c
How it works
- The content script injects
<script src="https://uncloseai.com/uncloseai.js" type="module">into every page - If uncloseai.js is already on the page, it skips injection (no duplicates)
- The floating uncloseai. button appears in the bottom-right corner
- Click it to chat with Hermes about the current page
- Toggle the extension on or off from the toolbar popup
Storage and privacy
These extensions have no backend. Everything runs client-side in your browser.
- Chat history stays in your browser's localStorage, scoped per domain. Conversations on
example.comare separate from conversations ongithub.com. Clear a site's localStorage to clear its chat history. - Settings (model selection, language preference, voice) are stored in localStorage.
- Secrets (custom API keys, if you configure them) are protected by the optional UncloseVault, which encrypts with AES before writing to localStorage.
- The extension itself stores one boolean value: enabled on/off. That is the only data the extension touches.
No data leaves your browser except the messages you choose to send to the public AI endpoints at hermes.ai.unturf.com, qwen.ai.unturf.com, and speech.ai.unturf.com.
Security
The extension code has been audited across 6 security categories with 49 automated tests. Findings: 0 critical, 0 high, 0 medium, 0 low, 3 informational.
- No
innerHTML,eval(),document.write, ornew Function() - No network requests from extension code (all networking is in the injected uncloseai.js)
- Minimal permissions:
storageonly (plus host access for injection) - Content Security Policy restricts extension pages to
script-src 'self' - Extension stores exactly one value:
{enabled: true|false}
📋 Read the full Security Audit Report →
Source Code
📦 git.unturf.com/engineering/unturf/uncloseai-browser-toys
Build from source:
git clone https://git.unturf.com/engineering/unturf/uncloseai-browser-toys.git
cd uncloseai-browser-toys
node scripts/build.js # outputs zips to dist/
Public domain. No attribution required.