Pagerunner Skill
v1.2.3Real Chrome automation for AI agents — authenticated sessions, PII anonymization, snapshots, and multi-agent coordination via KV store.
⭐ 0· 69·0 current·0 all-time
byStanislav Shymanskyi@enreign
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (real Chrome automation, anonymization, snapshots, KV coordination) match what the SKILL.md and accompanying docs describe. The only required binary is 'pagerunner', which is appropriate for controlling a local Chrome instance; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions explicitly instruct the agent to open sessions, read page content, evaluate page JS (including window.__STORE__), take screenshots, use snapshots (cookies/auth), run a local daemon, and write/read a KV store. All of these are coherent with the stated purpose, but they give the agent access to locally authenticated browser state (cookies, history, in-page stores) and local config/log files (e.g., ~/.pagerunner/config.toml and ~/.pagerunner/daemon.log). This is expected for a browser-automation tool but raises privacy/sensitive-data risk that users must acknowledge.
Install Mechanism
The skill is instruction-only and requires an existing 'pagerunner' binary. SKILL.md suggests 'brew' as an install hint, but the registry shows no install spec — no remote downloads or unusual install steps are present in the skill bundle itself.
Credentials
The skill requests no environment variables or external service credentials. It does reference local config paths and logs (home directory) and uses snapshots containing cookies/auth; these are proportional to the functionality (local browser automation) but mean the tool can access sensitive local session data without needing explicit env-secret inputs.
Persistence & Privilege
always:false (not forced into every agent run). The skill can be invoked autonomously (platform default), which increases impact if misused, but this is normal. The skill does encourage running a persistent daemon and using auto-checkpoints/snapshots — expected for long-running browser automation but worth considering before enabling always-on behavior on sensitive machines.
Scan Findings in Context
[pre-scan-injection-signals] expected: No pre-scan injection signals were detected. This is plausible because the repo is documentation/examples-heavy and has no embedded remote-install snippets.
Assessment
This skill appears coherent and does what it says: it gives an agent programmatic control of your real Chrome profiles (cookies, logged-in sessions, history) via the local 'pagerunner' binary. That capability is powerful and sensitive even though the skill doesn't request API keys. Before installing or using it, consider: 1) only use a trusted/pinned pagerunner binary (verify source, checksum, or install from a vetted package manager); 2) avoid attaching your personal browser profile — create and use isolated agent-only Chrome profiles and use the allowed_domains / anonymize options; 3) enable anonymization and audit logging if processing PII; 4) run the daemon in an isolated environment (VM/container) if you want strong containment; 5) review pagerunner's own source code / binary behavior (network activity, telemetry, de-tokenization implementation) because snapshots and de-tokenization require the tool to hold mappings from tokens→real values; 6) monitor ~/.pagerunner/daemon.log and KV usage for unexpected activity; and 7) do not grant 'always-on' or system-wide privileges unless you understand and accept the data-access implications.Like a lobster shell, security has layers — review code before you run it.
latestvk97c59qhsxsap0js2enjzthv9d83twge
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspagerunner