Peekaboo

The name/description advertise macOS UI capture and automation and the instructions exclusively document peekaboo CLI commands (capture, click, type, app/window management, clipboard, etc.). The embedded metadata points to a Homebrew formula to provide the peekaboo binary — this is coherent for a CLI-focused skill.

The runtime instructions only tell the agent to run peekaboo CLI commands and pass file paths/flags. They do not instruct reading unrelated system files or environment variables. However, the tool's legitimate features include screen capture and clipboard access and can operate on application windows — these are high-privilege/sensitive operations (you should expect it can capture screen contents and clipboard data when granted permission).

The skill package is instruction-only (no installer executed by the platform). The SKILL.md metadata recommends installing the binary via a Homebrew formula: steipete/tap/peekaboo. Homebrew installs are typical for macOS CLIs, but this is a third-party tap (not an official core formula); verify the tap and upstream source before installing binaries from it.

The skill declares no required environment variables or credentials. The commands mention a 'config' subcommand that can manage providers/models/credentials — this likely refers to optional configuration stored by the CLI itself, not required by the skill. There is no unexplained request for unrelated secrets in the SKILL.md.

The skill does not request always:true and is user-invocable only. It does rely on macOS Screen Recording and Accessibility permissions for full functionality — these are OS-level privileges required by any UI automation tool and should be granted only when you trust the binary.