Audit History
mac-automation - 4 audits
Audit version 4
Latest Medium RiskJun 27, 2026, 05:19 PM
Static analysis correctly identified extensive external command usage, but this is the declared purpose of the skill: guiding osascript and AppleScript automation. I found no evidence of prompt injection, hidden network exfiltration, malware staging, or confirmed malicious intent. The skill should publish with a warning because it can read private local data, manipulate files, send mail, run shell commands through AppleScript, and perform disruptive system actions.
Medium Risk Issues (5)
Low Risk Issues (3)
Risk Factors
⚙️ External commands (3)
🌐 Network access (4)
📁 Filesystem access (3)
Detected Patterns
Audit version 3
Low RiskJan 16, 2026, 12:50 PM
Legitimate macOS automation skill using standard osascript command for AppleScript execution. Static scanner flagged benign patterns including keystroke commands (false positive - these simulate keyboard input, not capture it), screenshot commands (false positive - local saves only), and crypt keywords (false positive - scanner misidentified screencapture/caffeinate command names). All capabilities align with stated purpose of controlling Mail, Calendar, Reminders, Safari, Finder, and System Events applications. User-initiated operations with confirmation requirements for destructive actions documented.
Low Risk Issues (3)
Risk Factors
⚙️ External commands (4)
📁 Filesystem access (2)
Audit version 2
Low RiskJan 16, 2026, 12:50 PM
Legitimate macOS automation skill using standard osascript command for AppleScript execution. Static scanner flagged benign patterns including keystroke commands (false positive - these simulate keyboard input, not capture it), screenshot commands (false positive - local saves only), and crypt keywords (false positive - scanner misidentified screencapture/caffeinate command names). All capabilities align with stated purpose of controlling Mail, Calendar, Reminders, Safari, Finder, and System Events applications. User-initiated operations with confirmation requirements for destructive actions documented.
Low Risk Issues (3)
Risk Factors
⚙️ External commands (4)
📁 Filesystem access (2)
Audit version 1
Low RiskJan 10, 2026, 09:15 AM
Documentation and reference skill for Mac AppleScript automation. Uses standard osascript command to execute AppleScript for legitimate macOS application control. All capabilities match stated purpose. User-initiated operations with confirmation requirements for destructive actions.