probable-basilisk
commented
5 years ago There's a section right in the readme, with the heading "Note about scary warnings".
But basically it needs those privileges in order to tell what you're typing, in order to do the very-convenient type-to-search thing in the giant lists of materials, spells, etc. There's no intermediate level of permissions: the low-level APIs that let you do harmless things like "know what keys are pressed" are bundled with the APIs that let you do things like create/delete files, etc.
You can look at https://github.com/probable-basilisk/cheatgui/blob/master/data/hax/superhackykb.lua if you want to see the specific usage of the restricted APIs; it uses the luajit ffi to access SDL (the windowing, keyboard, and mouse handling library that Noita uses) in order to get the current keyboard state, because that isn't exposed in Noita's built-in mod interface. If you were really paranoid you might ask "isn't that basically installing a keylogger", and the answer is no-- like a normal application it only detects keypresses when you have the Noita window in focus, it has no clue what you're typing anywhere else.
The readme explains how to disable this permission if you want, and everything should mostly work, except obviously you won't be able to search any of the menus.
kenny-evitt
I just cloned the latest version. When I enabled the mod in Noita I got a prompt:
That's a pretty scary warning and I'm not sure I do trust the mod. (I would bet it's fine.)
What's with the extra privileges? Are they necessary? What about the mod needs full access to my computer? Are there no intermediate privilege(s) between the default and full access?