peekaboo

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the peekaboo binary via Homebrew from a third-party tap (steipete/tap/peekaboo). This introduces a dependency on external infrastructure outside of standard system or platform repositories.
  • [DATA_EXFILTRATION]: The tool has the capability to access sensitive user data through several commands:
      • peekaboo clipboard: Can read and write the system clipboard, which often contains passwords or private information.
      • peekaboo capture, peekaboo image, and peekaboo see: These commands perform screen recording and capture window content, providing the agent with visibility into everything on the user's display.
  • [COMMAND_EXECUTION]: The skill provides extensive control over the host operating system, including:
      • UI Interaction: Emulating mouse clicks, drags, scrolls, and keyboard input (type, hotkey, press).
      • App Management: Launching, quitting, and managing windows and system dialogs.
      • Script Execution: The peekaboo run command allows execution of JSON-based automation scripts.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8):
      • Ingestion points: Screen analysis and capture via peekaboo see --analyze and peekaboo image --analyze allow the agent to process content from arbitrary applications and websites.
      • Boundary markers: None identified in the prompt templates.
      • Capability inventory: Full UI control (clicking, typing), app management, and clipboard access via the peekaboo CLI.
      • Sanitization: No evidence of input validation or content filtering for analyzed visual data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 12:42 PM