Play Any Game - AI游戏伴侣助手

Before installing, note these points: - Metadata mismatch: The skill's registry entry says no environment variables are required, but the documentation and code require an API key (DASHSCOPE_API_KEY). Confirm with the author why the registry omitted this requirement. - Privacy: The skill captures screenshots of your game window and (per docs) sends them to a cloud service (Aliyun GUI-Plus) for analysis. Do not use this skill if those screenshots might contain sensitive information you do not want uploaded. - API key handling: The skill stores the API key in a local config.json by default. Ensure that file is stored securely and not committed or shared. Consider using temporary keys or scoped accounts if possible. - Local control risk: The skill can move your mouse, send keystrokes, and perform background PostMessage clicks. That capability is necessary for automation but can affect other applications. Only run it on a machine/account where you accept this level of control. - Implementation oddities: The project uses the 'openai' Python client in requirements but documents Aliyun GUI-Plus as the provider. Review scripts/gui_agent/aliyun.py (network endpoints, upload behavior) to confirm where images and keys are actually sent. Also scan the code for TODOs or obvious bugs (there are at least some small code issues) before running. - Mitigations: Run initially in a controlled environment (non-critical account, VM, or sandboxed Windows user), inspect network traffic (to see which endpoints are used), and rotate API keys if you test the skill. If you need assurance, ask the maintainer to (1) update registry metadata to declare the API key requirement, (2) document exact endpoints used and whether images are persisted server-side, and (3) provide an option to run the recognition model locally or with a self-hosted endpoint.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.