Skills: mac-automation Audit History

Audit History

mac-automation - 4 audits

Audit version 4

Most recent: Medium Risk

Jun 27, 2026, 05:19 PM

Static analysis correctly identified extensive external command usage, but this is the declared purpose of the skill: guiding osascript and AppleScript automation. I found no evidence of prompt injection, hidden network exfiltration, malware staging, or confirmed malicious intent. The skill should publish with a warning because it can read private local data, manipulate files, send mail, run shell commands through AppleScript, and perform disruptive system actions.

Files analyzed: 9
Lines analyzed: 2,301
Findings: 11
Audited by: codex

Medium Risk Issues (5)
Broad Local Command Execution Through AppleScript
TRUE_POSITIVE: The skill teaches agents to run osascript from Bash and includes AppleScript do shell script examples. This is legitimate for a macOS automation skill, but it can execute local commands and inherits the user permissions granted to the agent and macOS Automation.
Access to Private Local Data
TRUE_POSITIVE: The references include reading unread Mail metadata, Calendar data, clipboard contents, Safari page source, and selected page text. This can expose sensitive personal or business information if used without narrow user consent.
Destructive and Disruptive Automation Examples
TRUE_POSITIVE: The skill includes examples for deleting Mail, reminders, calendar events, calendar lists, files, emptying Trash, and power actions such as restart or shutdown. These are expected automation capabilities but require confirmation and clear user intent.
Screen Capture and Keyboard Simulation Capabilities
NEEDS_REVIEW: Static keylogger and screen capture upload alerts are overstated because the files show screenshot creation and keystroke simulation, not key capture or upload. These capabilities are still privacy-sensitive and can affect active applications.
Safari JavaScript Execution and Form Interaction
TRUE_POSITIVE: Safari references execute JavaScript in the active tab, click page elements, and fill form fields. This can automate useful browser tasks, but it can also alter web pages or interact with authenticated sessions if misused.
Low Risk Issues (3)
Hardcoded URL Alerts Are Benign Examples
FALSE_POSITIVE: The Safari URLs point to common example destinations such as Google, Apple, GitHub, and example.com. I found no evidence that these URLs receive local files, secrets, screenshots, or private application data.
Weak Cryptography Alerts Are False Positives
FALSE_POSITIVE: The reported weak cryptography locations are ordinary AppleScript or documentation text, not MD5, SHA1, or cryptographic code. These alerts appear to be pattern matches against unrelated words or Markdown structure.
No Prompt Injection Attempt Found
FALSE_POSITIVE_CHECK: I checked for text that tries to override evaluator instructions, claim pre-approval, or skip analysis. No evidence found in the reviewed skill files.

Detected Patterns

osascript Invocation from Bash; AppleScript Shell Command Bridge; Local Screenshot Capture; Finder and Application Data Mutation; Safari DOM Automation

Audit version 3

Low Risk

Jan 16, 2026, 12:50 PM

Legitimate macOS automation skill using the standard osascript command for AppleScript execution. Static scanner flagged benign patterns including keystroke commands (false positive - these simulate keyboard input, not capture it), screenshot commands (false positive - local saves only), and crypt keywords (false positive - scanner misidentified screencapture/caffeinate command names). All capabilities align with the stated purpose of controlling Mail, Calendar, Reminders, Safari, Finder, and System Events applications. User-initiated operations with confirmation requirements for destructive actions are documented.

Files analyzed: 10
Lines analyzed: 2,608
Findings: 5
Audited by: claude

Low Risk Issues (3)
File deletion operations
The skill includes AppleScript patterns for deleting files via Finder (move to trash) and emptying trash. These are legitimate file management operations but could cause data loss if misused without user confirmation.
System power commands
The skill documents commands for sleep, restart, shutdown, and lock screen via System Events. These affect system state but require user confirmation and macOS permissions.
Email deletion operations
The skill includes patterns for deleting emails via Mail app. This could result in permanent email deletion but requires Mail app permissions and user intent.

Audit version 2

Low Risk

Jan 16, 2026, 12:50 PM

Legitimate macOS automation skill using the standard osascript command for AppleScript execution. Static scanner flagged benign patterns including keystroke commands (false positive - these simulate keyboard input, not capture it), screenshot commands (false positive - local saves only), and crypt keywords (false positive - scanner misidentified screencapture/caffeinate command names). All capabilities align with the stated purpose of controlling Mail, Calendar, Reminders, Safari, Finder, and System Events applications. User-initiated operations with confirmation requirements for destructive actions are documented.

Files analyzed: 10
Lines analyzed: 2,608
Findings: 5
Audited by: claude

Low Risk Issues (3)
File deletion operations
The skill includes AppleScript patterns for deleting files via Finder (move to trash) and emptying trash. These are legitimate file management operations but could cause data loss if misused without user confirmation.
System power commands
The skill documents commands for sleep, restart, shutdown, and lock screen via System Events. These affect system state but require user confirmation and macOS permissions.
Email deletion operations
The skill includes patterns for deleting emails via Mail app. This could result in permanent email deletion but requires Mail app permissions and user intent.

Audit version 1

Low Risk

Jan 10, 2026, 09:15 AM

Documentation and reference skill for Mac AppleScript automation. Uses the standard osascript command to execute AppleScript for legitimate macOS application control. All capabilities match the stated purpose. Operations are user-initiated, with confirmation requirements for destructive actions.

Files analyzed: 9
Lines analyzed: 2,447
Findings: 5
Audited by: claude

Low Risk Issues (3)
File deletion operations
The skill includes AppleScript patterns for deleting files via Finder (move to trash) and emptying trash. Quote from references/finder-applescript.md lines 98-106: "move targetFile to trash". While legitimate for file management, these operations could cause data loss if misused.
System power commands
The skill documents commands for sleep, restart, shutdown, and lock screen via System Events. Quote from references/system-applescript.md lines 258-281. These commands affect system state but require user confirmation and macOS permissions.
Email deletion operations
The skill includes patterns for deleting emails via Mail app. Quote from references/mail-applescript.md lines 163-173: "delete msg". This could result in permanent email deletion but requires Mail app permissions and user intent.