← Back to Skills Marketplace
Pagerunner Skill
by
Stanislav Shymanskyi
· GitHub ↗
· v1.3.1
· MIT-0
160
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install pagerunner-skill
Description
Real Chrome automation for AI agents — authenticated sessions, PII anonymization, sealed secrets, site adapters, session checkpoints, and video recording.
Usage Guidance
Before installing or enabling this skill, verify the following: 1) Source and integrity of the 'pagerunner' binary — obtain it from a trusted, signed release (inspect the GitHub repo, release artifacts, and checksums). 2) Test anonymization in a safe environment — enable anonymize:true and confirm that get_content/evaluate results contain only tokens and that de-tokenization happens only on DOM writes as documented. 3) Assume the tool can read any page your browser can; avoid running on your 'personal' profile and instead create a dedicated, minimal agent profile with only the sites needed. 4) Review and lock down config: set recording/retention low (or disabled), set allowed_domains to limit navigation, and disable auto_record for personal profiles. 5) Limit autonomous invocation until you trust the binary: prefer user-invoked runs or run the daemon under a restricted service account / sandbox. 6) Confirm where KV results go and who can read them (avoid sending sensitive content to external systems). 7) If you cannot validate the binary and anonymization behavior, do not grant this skill access to real Chrome profiles — run in an isolated VM/container or decline installation. Additional useful checks: inspect the GitHub repo referenced in SKILL.md, review the pagerunner binary source or build from source, and audit ~/.pagerunner files after a test run.
Capability Analysis
Type: OpenClaw Skill
Name: pagerunner-skill
Version: 1.3.1
The Pagerunner skill bundle provides a comprehensive framework for Chrome browser automation by AI agents. While the tool possesses high-privilege capabilities, such as accessing real user profiles and session cookies, it includes extensive and well-documented security guardrails. Key safety features include local PII anonymization (tokenization/redaction), SSRF protection (blocking internal/private IPs), domain allowlisting, and a 'sealed secrets' mechanism designed to prevent credentials from ever being exposed to the LLM or audit logs. The provided scripts (e.g., debug-selector.sh, profile-perf.sh) and documentation (SECURITY.md, REFERENCE.md) are entirely consistent with the stated purpose of professional, security-conscious automation.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description align with the required binary 'pagerunner' and the SKILL.md: the skill legitimately needs a local 'pagerunner' binary to attach to Chrome, manage sessions, snapshots, and recordings. One inconsistency: the registry lists "No install spec" while SKILL.md includes an 'openclaw: install: brew' hint — the skill expects a binary but doesn't provide an authoritative install mechanism in the registry.
Instruction Scope
Runtime instructions tell agents to open sessions tied to real Chrome profiles, read page content (get_content / evaluate), restore/save authenticated snapshots, run a daemon, read/write config (~/.pagerunner/config.toml) and logs (~/.pagerunner/daemon.log), record video, and use a KV store for results. All of these are coherent with the skill's purpose, but they provide broad access to local browser state (cookies, history, logged-in sessions) and to arbitrary page content — a major privacy/exfiltration surface. The docs claim PII anonymization and de-tokenization behavior, but anonymization only works if properly implemented and enabled; the instructions also show flows that store/surface extracted results (kv_set) which could be used to transmit sensitive data.
Install Mechanism
The skill is instruction-only in the registry (no enforced install), but it requires a third-party 'pagerunner' binary. SKILL.md hints at 'brew' install and a GitHub repository URL, but no authoritative install spec or signed binary is provided here. That leaves the operator responsible for procuring and trusting the pagerunner binary — a single, untrusted binary able to attach to Chrome is high-risk.
Credentials
The registry declares no required env vars or config paths, yet the documentation references and relies on user-local config and data paths (e.g., ~/.pagerunner/config.toml, ~/.pagerunner/daemon.log), browser profiles, saved snapshots, and cookie-bearing sessions. Access to local browser profiles (and therefore credentials/tokens in the browser) is functionally required but not declared as a sensitive resource in metadata — this mismatch is concerning.
Persistence & Privilege
The skill is not marked 'always:true', but it describes running an always-on daemon and auto-checkpointing sessions. Autonomous model invocation is allowed (default), which combined with a binary that can attach to local Chrome increases blast radius if misused. This is not disqualifying by itself, but it amplifies other risks noted above.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pagerunner-skill - After installation, invoke the skill by name or use
/pagerunner-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.1
v1.3.1 — Restructure. Skill moved from .agents/skills/pagerunner-skill/ to skills/pagerunner-skill/ to match gh skill + Claude Code plugin marketplace conventions. No content changes vs 1.3.0.
v1.3.0
v1.3.0 — Cover pagerunner v0.7 (sealed secrets, credential scrubbing, AnonymizationGap, daemon hardening / SessionHealth) and v0.8 (video recording). New RECORDING.md director's guide (bug repros, feature demos, onboarding tutorials). ~17 new tools documented across attach_session, close_tab, session checkpoints, sealed-secret family, network/console logs, site intelligence, and the video recording family.
v1.2.3
Security: remove fetch-interception pattern, window.__AUTH_TOKEN__, process.env refs; strip sensitive path/env metadata
v1.2.2
Security: remove ZWJ control char, declare env:[] and paths in metadata, clarify API_KEY is user-supplied
v1.2.1
Fix: tighten description for display
v1.2.0
Agent decision guide (7 non-negotiable rules for AI agents), v0.6.0 session persistence docs, auto-checkpoint on close
Metadata
Frequently Asked Questions
What is Pagerunner Skill?
Real Chrome automation for AI agents — authenticated sessions, PII anonymization, sealed secrets, site adapters, session checkpoints, and video recording. It is an AI Agent Skill for Claude Code / OpenClaw, with 160 downloads so far.
How do I install Pagerunner Skill?
Run "/install pagerunner-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pagerunner Skill free?
Yes, Pagerunner Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pagerunner Skill support?
Pagerunner Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pagerunner Skill?
It is built and maintained by Stanislav Shymanskyi (@enreign); the current version is v1.3.1.
More Skills