← 返回 Skills 市场
enreign

Pagerunner Skill

作者 Stanislav Shymanskyi · GitHub ↗ · v1.3.1 · MIT-0
cross-platform ⚠ suspicious
160
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install pagerunner-skill
功能描述
Real Chrome automation for AI agents — authenticated sessions, PII anonymization, sealed secrets, site adapters, session checkpoints, and video recording.
安全使用建议
Before installing or enabling this skill, verify the following: 1) Source and integrity of the 'pagerunner' binary — obtain it from a trusted, signed release (inspect the GitHub repo, release artifacts, and checksums). 2) Test anonymization in a safe environment — enable anonymize:true and confirm that get_content/evaluate results contain only tokens and that de-tokenization happens only on DOM writes as documented. 3) Assume the tool can read any page your browser can; avoid running on your 'personal' profile and instead create a dedicated, minimal agent profile with only the sites needed. 4) Review and lock down config: set recording/retention low (or disabled), set allowed_domains to limit navigation, and disable auto_record for personal profiles. 5) Limit autonomous invocation until you trust the binary: prefer user-invoked runs or run the daemon under a restricted service account / sandbox. 6) Confirm where KV results go and who can read them (avoid sending sensitive content to external systems). 7) If you cannot validate the binary and anonymization behavior, do not grant this skill access to real Chrome profiles — run in an isolated VM/container or decline installation. Additional useful checks: inspect the GitHub repo referenced in SKILL.md, review the pagerunner binary source or build from source, and audit ~/.pagerunner files after a test run.
功能分析
Type: OpenClaw Skill Name: pagerunner-skill Version: 1.3.1 The Pagerunner skill bundle provides a comprehensive framework for Chrome browser automation by AI agents. While the tool possesses high-privilege capabilities, such as accessing real user profiles and session cookies, it includes extensive and well-documented security guardrails. Key safety features include local PII anonymization (tokenization/redaction), SSRF protection (blocking internal/private IPs), domain allowlisting, and a 'sealed secrets' mechanism designed to prevent credentials from ever being exposed to the LLM or audit logs. The provided scripts (e.g., debug-selector.sh, profile-perf.sh) and documentation (SECURITY.md, REFERENCE.md) are entirely consistent with the stated purpose of professional, security-conscious automation.
能力标签
cryptorequires-walletrequires-sensitive-credentials
能力评估
Purpose & Capability
Name/description align with the required binary 'pagerunner' and the SKILL.md: the skill legitimately needs a local 'pagerunner' binary to attach to Chrome, manage sessions, snapshots, and recordings. One inconsistency: the registry lists "No install spec" while SKILL.md includes an 'openclaw: install: brew' hint — the skill expects a binary but doesn't provide an authoritative install mechanism in the registry.
Instruction Scope
Runtime instructions tell agents to open sessions tied to real Chrome profiles, read page content (get_content / evaluate), restore/save authenticated snapshots, run a daemon, read/write config (~/.pagerunner/config.toml) and logs (~/.pagerunner/daemon.log), record video, and use a KV store for results. All of these are coherent with the skill's purpose, but they provide broad access to local browser state (cookies, history, logged-in sessions) and to arbitrary page content — a major privacy/exfiltration surface. The docs claim PII anonymization and de-tokenization behavior, but anonymization only works if properly implemented and enabled; the instructions also show flows that store/surface extracted results (kv_set) which could be used to transmit sensitive data.
Install Mechanism
The skill is instruction-only in the registry (no enforced install), but it requires a third-party 'pagerunner' binary. SKILL.md hints at 'brew' install and a GitHub repository URL, but no authoritative install spec or signed binary is provided here. That leaves the operator responsible for procuring and trusting the pagerunner binary — a single, untrusted binary able to attach to Chrome is high-risk.
Credentials
The registry declares no required env vars or config paths, yet the documentation references and relies on user-local config and data paths (e.g., ~/.pagerunner/config.toml, ~/.pagerunner/daemon.log), browser profiles, saved snapshots, and cookie-bearing sessions. Access to local browser profiles (and therefore credentials/tokens in the browser) is functionally required but not declared as a sensitive resource in metadata — this mismatch is concerning.
Persistence & Privilege
The skill is not marked 'always:true', but it describes running an always-on daemon and auto-checkpointing sessions. Autonomous model invocation is allowed (default), which combined with a binary that can attach to local Chrome increases blast radius if misused. This is not disqualifying by itself, but it amplifies other risks noted above.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pagerunner-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pagerunner-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.1
v1.3.1 — Restructure. Skill moved from .agents/skills/pagerunner-skill/ to skills/pagerunner-skill/ to match gh skill + Claude Code plugin marketplace conventions. No content changes vs 1.3.0.
v1.3.0
v1.3.0 — Cover pagerunner v0.7 (sealed secrets, credential scrubbing, AnonymizationGap, daemon hardening / SessionHealth) and v0.8 (video recording). New RECORDING.md director's guide (bug repros, feature demos, onboarding tutorials). ~17 new tools documented across attach_session, close_tab, session checkpoints, sealed-secret family, network/console logs, site intelligence, and the video recording family.
v1.2.3
Security: remove fetch-interception pattern, window.__AUTH_TOKEN__, process.env refs; strip sensitive path/env metadata
v1.2.2
Security: remove ZWJ control char, declare env:[] and paths in metadata, clarify API_KEY is user-supplied
v1.2.1
Fix: tighten description for display
v1.2.0
Agent decision guide (7 non-negotiable rules for AI agents), v0.6.0 session persistence docs, auto-checkpoint on close
元数据
Slug pagerunner-skill
版本 1.3.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

Pagerunner Skill 是什么?

Real Chrome automation for AI agents — authenticated sessions, PII anonymization, sealed secrets, site adapters, session checkpoints, and video recording. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 160 次。

如何安装 Pagerunner Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pagerunner-skill」即可一键安装,无需额外配置。

Pagerunner Skill 是免费的吗?

是的,Pagerunner Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Pagerunner Skill 支持哪些平台?

Pagerunner Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pagerunner Skill?

由 Stanislav Shymanskyi(@enreign)开发并维护,当前版本 v1.3.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论