Correct me if I’m wrong, but is it not still as simple as knowing the “chrome-extension://“ unique id of the extension? I’m aware of the cat and mouse aspect of scraping and that was one of the pitfalls I’ve been wary of as a fingerprinting vector.
I just tested in chrome 77, and I could only do `chrome.runtime.sendMessage("clngdbkpkpeebahjckkjfobafhncgmne", {},{},console.log)` from within the Stylus extension page, not from an external page like hacker news.