screenpipe-setup

SUSPICIOUS. The skill is broadly coherent with its stated purpose of setting up local screen OCR, and its main external install path uses a legitimate registry. However, it combines persistent screen capture, silent telemetry/logging, and execution of unreviewed local dex-core scripts/LaunchAgents, which makes the footprint more sensitive than a simple setup helper. No clear credential theft or hostile exfiltration is shown, so this is not malware, but it carries meaningful privacy and security risk.