Peekaboo 1
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could click or type in the wrong app, change settings, submit forms, close work, or affect accounts through the visible UI.
The skill exposes broad UI-control authority to the agent, including actions that can click, type, paste, close windows, manage apps, and interact with dialogs. The artifacts do not describe approval or scoping guardrails for high-impact UI actions.
Peekaboo is a full macOS UI automation CLI: capture/inspect screens, target UI elements, drive input, and manage apps/windows/menus.
Use this only when you want the agent to control your desktop. Ask for confirmation before clicks, typing, dialog actions, app quit/launch, or window-management commands, and restrict tasks to specific apps or windows.
Granting these permissions can let the automation see sensitive on-screen information and act with your local user authority in other applications.
These macOS permissions allow broad observation and control of the user interface across applications. They are purpose-aligned, but the artifacts do not bound them to a specific app, workflow, or time period.
Requires Screen Recording + Accessibility permissions.
Grant Screen Recording and Accessibility only if you are comfortable with desktop-level automation, monitor its use, and revoke the permissions after you no longer need the skill.
Sensitive screen contents could remain in local cache or temp files after a task.
The CLI stores UI snapshots/cache data for reuse. This is expected for a screen-automation tool, but screenshots or UI maps may contain private information and the retention details are not specified.
Commands share a snapshot cache ... `clean`: prune snapshot cache and temp files
Avoid capturing sensitive windows when possible and use Peekaboo's cleanup command after sensitive sessions.
If remote analysis is used, screenshots or UI-derived information may be sent to a configured model/provider.
The skill documents optional analysis through configured providers/models and includes a no-remote flag, indicating possible provider communication involving captured UI data. This appears disclosed and purpose-aligned, but data boundaries are not detailed.
`config`: init/show/edit/validate, providers, models, credentials ... Analysis: `--analyze "prompt"` ... `--no-remote`
Check Peekaboo provider settings before using `--analyze`, use `--no-remote` when you need local-only behavior, and avoid remote analysis of sensitive screens.
Your trust depends on the upstream Homebrew formula and Peekaboo binary, especially because the tool requests powerful macOS permissions.
The reviewed skill is instruction-only and installs an external binary from a Homebrew tap. This is a normal CLI install pattern, but the installed binary itself was not included in the static scan artifacts.
brew | formula: steipete/tap/peekaboo | creates binaries: peekaboo
Verify the Homebrew tap and Peekaboo project source before installing, and keep the binary updated from a trusted source.
