Compuse

What this means for you: - This package appears to be what it says: a local, self‑contained computer‑use runtime that can take screenshots, list running/installed apps, and control mouse/keyboard. Those are powerful local operations — they can capture sensitive screen content and drive input devices — but they are consistent with the stated purpose. - Before installing or enabling it: (1) only install on a machine you trust or a test machine; (2) review the included scripts (scripts/install.sh) and entry points (dist/cli.js, runtime/*_helper.py) to ensure no unexpected network endpoints or post-install steps; (3) be aware first run will create a Python virtualenv and pip-install packages from PyPI (network fetch); (4) check whether your deployment allows the agent to invoke the skill autonomously — if so, consider restricting autonomous invocation or gating actions in the MCP config; (5) if you need the least privilege, run it in an isolated VM or sandbox first and validate behavior (especially on Wayland/X11 differences). - Additional checks that would increase confidence: verifying the upstream GitHub/ClawHub repos referenced in project/manifest.json, scanning the codebase for any outbound network calls or HTTP clients, and confirming there are no hard-coded remote endpoints or credentials in any of the truncated files.