Some extension API permissions, such as the devtools or debugger permissions, grant the extension effective access to all URLs, but don't have associated host permissions.  Technically, this will work with click-to-script - these permissions just wouldn't be withheld, as is the case for any other non-host permissions.  However, the permission warnings are a bit strange, since in the chrome://extensions page, we'd show something like:

This extension can:
- Read and change your data on the websites you visit     <-- From, say, the debugger permission
- Know your email address

Allow this extension to read and change your data on the websites you visit:

[ On Click | On All Sites | On Select Sites ]

This is technically correct (ish), but definitely a bit confusing to users.

bklmn@, any idea what we should do here?  This is a little lower priority, since it's kind of an edge case (and these APIs aren't as popular), but it'd be good to potentially address.