Desktop Agent Ops

This skill appears to do what it says (screen capture, OCR, focus apps, mouse/keyboard actions). Before installing or running it: - Audit the installer script (scripts/first_run_setup.py) and any bootstrap scripts for shell commands or network calls you don't expect. The package will run installs and create a venv on first run. - Expect and approve OS permission prompts (Accessibility, Screen Recording, Automation). Granting these allows the skill to observe the screen and drive input — treat that as granting powerful local access. - Because the skill can operate chat apps, do not run it on machines containing sensitive accounts or private conversations until you’ve tested in a safe sandbox account. - Run first_run_setup.py and smoke tests in a controlled environment (VM or throwaway account) first to confirm exactly what is installed and what the smoke test does. - Search the bundled scripts for any outbound network activity or telemetry (HTTP, sockets, uploads). If present, verify endpoints and purpose before proceeding. - If you are uncomfortable running an automatic installer, create and point the skill at an explicit, user-created Python virtualenv and install dependencies manually after review. If you want, I can: (a) list the top-level contents of specific scripts (first_run_setup.py, permission_bootstrap.py, desktop_ops.py) so you can see what commands they run, or (b) search the code for obvious network calls or subprocess.exec usage and summarize findings.