Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sts2 Vision

v1.0.0

Slay the Spire 2 visual-recognition DPS monitoring system - monitors combat data in real time through screen capture and OCR

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for erebuscry/sts2-vision.

Install the skill "Sts2 Vision" (erebuscry/sts2-vision) from ClawHub.
Skill page: https://clawhub.ai/erebuscry/sts2-vision
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sts2-vision

ClawHub CLI

npx clawhub@latest install sts2-vision

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (screen capture + OCR DPS monitor for Slay The Spire 2) align with the included Python modules (screen capture, ROI extraction, OCR, DPS calculation). However, the package contains functionality not called out in SKILL.md: global mouse-listening (pynput), Windows-specific window enumeration (win32gui/pywin32), and attempts to import easyocr in addition to pytesseract. The SKILL.md dependency list is incomplete, and the code assumes Windows but the skill registry declares no OS restriction.

! Instruction Scope
SKILL.md instructs running the main script and calibrating ROI, but it does not mention that several modules record/save screenshots and JSON reports to disk, or that online/monitor variants start a background mouse listener and log click coordinates/times. The code performs system-wide mouse capture while running and writes images and report files; these behaviours are outside what the minimal SKILL.md description explicitly warns about (privacy/usage scope mismatch).

Install Mechanism
There is no install spec (instruction-only skill), which is lower risk from a supply-chain viewpoint, but the skill bundle includes many executable Python files that will run locally when invoked. No external downloads are performed by an installer, but the code expects third-party Python packages to be installed.

! Credentials
The skill declares no env vars or credentials (good), but the code requires platform-specific and permission-sensitive libraries (win32gui/pywin32, pynput) which are not listed in SKILL.md. Mouse-listening captures user click coordinates and timestamps (privacy-sensitive). The skill saves screenshots and JSON reports locally (may include sensitive on-screen data). No network calls were observed, and no credentials are requested.

Persistence & Privilege
The skill does not request 'always: true' or modify other skills or system-wide agent settings. It runs as a user process and uses background threads (mouse listener) while running; autonomous model invocation is allowed by default but not a unique privilege here.

What to consider before installing
This package appears to implement the advertised local OCR/DPS monitor but has several inconsistencies you should address before installing:

  • Dependency & OS checks: SKILL.md lists mss, opencv-python, pytesseract, numpy, but the code also imports win32gui (pywin32), pynput, and optionally easyocr. Those are platform/permission-sensitive (win32gui is Windows-only; pynput may require accessibility permissions on macOS). Confirm your OS and install the correct packages.
  • Privacy & permissions: several monitor variants start a global mouse listener and log click coordinates and timestamps; the tool also writes screenshots and JSON reports to disk. If you run it, expect local captures of on-screen content and mouse activity—run only on a machine where that is acceptable.
  • No network observed: review the omitted files before trusting — current visible files do not perform network exfiltration, but verify the remaining files for any network calls.
  • Code issues: there is a bug/typo in main.py (default config key " rois" has a leading space) and other rough edges; test in a controlled environment first.
  • Best practices: run in an isolated VM or sandbox, inspect and run the code locally (not as an elevated/system service), review/modify the mouse-listening code if you do not want global click logging, and ensure saved screenshots/report files are stored where you expect or disabled via config.

If you need stronger assurance, ask the maintainer for an updated SKILL.md listing all runtime dependencies, OS target, and an explicit description of what is logged and saved.

Like a lobster shell, security has layers — review code before you run it.

latestvk976nr3zv8dy51wg6k9qa97eb5834242
183 downloads
0 stars
1 version
Updated 22h ago
v1.0.0
MIT-0

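STS2 Vision Monitoring Skill

Features

  • Screen capture of the game window
  • OCR recognition of HP, damage and other values
  • Real-time DPS statistics
  • Combat data reports

Usage

Start monitoring

python sts2_vision/main.py

Calibrate ROI

python sts2_vision/main.py --calibrate

Configuration file

Create sts2_vision/config.json: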

{
    "fps": 2,
    "window_title": "Slay The Spire 2",
    "rois": {
        "player1_hp": {"x": 50, "y": 50, "w": 150, "h": 30}
    }
}

Output

  • Real-time damage statistics
  • DPS calculation
  • Report in JSON format

Dependencies

  • mss
  • opencv-python
  • pytesseract (optional)
  • numpy
