Skills mac-automation
📦

mac-automation

Medium Risk ⚙️ External commands🌐 Network access📁 Filesystem access

Automate macOS Apps with AppleScript

Manual macOS tasks can be slow when they span Mail, Calendar, Finder, Safari, and system settings. This skill gives Claude, Codex, and Claude Code structured AppleScript patterns for local automation.

Supports: Claude Codex Code(CC)
⚠️ 50 Poor
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Agent-readable resources

Use these links when an AI agent, crawler, or script needs clean context instead of reading the full page.

Test it

Using "mac-automation". Create a reminder from my clipboard for tomorrow morning.

Expected outcome:

The assistant checks clipboard content, creates a Reminders item for tomorrow at 9:00, and confirms the reminder title.

Using "mac-automation". Show my unread email count and today's meetings.

Expected outcome:

  • Unread mail count with recent sender and subject details.
  • Today's calendar events with times and titles.
  • A note if permissions are missing.

Using "mac-automation". Open GitHub in Safari and get the current page title.

Expected outcome:

Safari opens the requested page, returns the active tab title, and reports any permission or window errors.

Security Audit

Medium Risk
v4 • 6/27/2026

Static analysis correctly identified extensive external command usage, but this is the declared purpose of the skill: guiding osascript and AppleScript automation. I found no evidence of prompt injection, hidden network exfiltration, malware staging, or confirmed malicious intent. The skill should publish with a warning because it can read private local data, manipulate files, send mail, run shell commands through AppleScript, and perform disruptive system actions.

9
Files scanned
2,301
Lines analyzed
11
findings
4
Total audits
Medium Risk Issues (5)
Broad Local Command Execution Through AppleScript
TRUE_POSITIVE: The skill teaches agents to run osascript from Bash and includes AppleScript do shell script examples. This is legitimate for a macOS automation skill, but it can execute local commands and inherits the user permissions granted to the agent and macOS Automation.
Access to Private Local Data
TRUE_POSITIVE: The references include reading unread Mail metadata, Calendar data, clipboard contents, Safari page source, and selected page text. This can expose sensitive personal or business information if used without narrow user consent.
Destructive and Disruptive Automation Examples
TRUE_POSITIVE: The skill includes examples for deleting Mail, reminders, calendar events, calendar lists, files, emptying Trash, and power actions such as restart or shutdown. These are expected automation capabilities but require confirmation and clear user intent.
Screen Capture and Keyboard Simulation Capabilities
NEEDS_REVIEW: Static keylogger and screen capture upload alerts are overstated because the files show screenshot creation and keystroke simulation, not key capture or upload. These capabilities are still privacy-sensitive and can affect active applications.
Safari JavaScript Execution and Form Interaction
TRUE_POSITIVE: Safari references execute JavaScript in the active tab, click page elements, and fill form fields. This can automate useful browser tasks, but it can also alter web pages or interact with authenticated sessions if misused.
Low Risk Issues (3)
Hardcoded URL Alerts Are Benign Examples
FALSE_POSITIVE: The Safari URLs point to common example destinations such as Google, Apple, GitHub, and example.com. I found no evidence that these URLs receive local files, secrets, screenshots, or private application data.
Weak Cryptography Alerts Are False Positives
FALSE_POSITIVE: The reported weak cryptography locations are ordinary AppleScript or documentation text, not MD5, SHA1, or cryptographic code. These alerts appear to be pattern matches against unrelated words or Markdown structure.
No Prompt Injection Attempt Found
FALSE_POSITIVE_CHECK: I checked for text that tries to override evaluator instructions, claim pre-approval, or skip analysis. No evidence found in the reviewed skill files.

Detected Patterns

osascript Invocation from BashAppleScript Shell Command BridgeLocal Screenshot CaptureFinder and Application Data MutationSafari DOM Automation
Audited by: codex View Audit History →

Quality Score

45
Architecture
100
Maintainability
87
Content
69
Community
34
Security
91
Spec Compliance

What You Can Build

Personal productivity shortcuts

Create reminders, calendar events, notifications, and clipboard-based notes without switching between several apps.

Office workflow automation

Draft or send Mail messages, review unread mail summaries, and organize files with repeatable local automation.

Browser and file task scripting

Open Safari pages, inspect tab information, run controlled JavaScript, and manage Finder files during support workflows.

Try These Prompts

Create a reminder
Use the mac-automation skill to create a reminder for [task] due [date and time]. Show me the AppleScript before running it.
Summarize today
Use AppleScript to get today's Calendar events and unread Mail subjects. Only show the sender, subject, and event title.
Organize files
Prepare a Finder automation plan to move [file type] files from [source folder] to [target folder]. Ask before moving anything.
Automate Safari workflow
Use Safari AppleScript to open [site], collect the current page title and selected text, then propose the next automation step before acting.

Best Practices

  • Ask for confirmation before sending mail, deleting data, changing files, or triggering power actions.
  • Show the planned AppleScript for sensitive actions before execution.
  • Limit output to the fields the user requested when reading private app data.

Avoid

  • Do not run generated AppleScript that includes unreviewed shell commands or user-provided paths.
  • Do not read Mail, clipboard, browser content, or calendar data without explicit user request.
  • Do not empty Trash, delete app data, send email, or shut down the Mac as part of a broad request.

Frequently Asked Questions

Does this skill run code on my Mac?
Yes. It guides the assistant to run AppleScript through osascript, so user approval and local permissions matter.
Why do macOS permission prompts appear?
macOS requires Automation, Accessibility, and app permissions before one app can control another app.
Can it read private information?
Yes, if requested. Examples can read Mail metadata, Calendar events, clipboard text, Safari page data, and Finder details.
Can it send emails or delete files?
Yes. The skill includes examples for sending Mail and deleting data, so those actions should require confirmation.
Does it contact external servers?
It includes Safari navigation examples and Google search URLs. I found no evidence of hidden data upload or exfiltration.
Which AI tools can use this skill?
The report lists support for Claude, Codex, and Claude Code.