Skip to main content

applescript

Expert in AppleScript and JXA for macOS automation, focusing on secure script execution and application integration.

Install this skill

or
0/100

Security score

The applescript skill was audited on Feb 9, 2026 and we found 18 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 191

Template literal with variable interpolation in command context

SourceSKILL.md
191throw new Error(`Access to ${appName} is blocked`);
high line 402

Destructive rm -rf command

SourceSKILL.md
402set userInput to "test; rm -rf /"
high line 406

Destructive rm -rf command

SourceSKILL.md
406set userInput to "test; rm -rf /"
medium line 75

Python subprocess execution

SourceSKILL.md
75result = subprocess.run(['osascript', '-e', script], capture_output=True)
medium line 115

Python subprocess execution

SourceSKILL.md
115result = subprocess.run(['osascript', '-e', script],
medium line 213

Python subprocess execution

SourceSKILL.md
213result = subprocess.run(['sdef', f'/Applications/{app_name}.app'],
medium line 262

Python subprocess execution

SourceSKILL.md
262result = subprocess.run(['osascript', '-e', script],
medium line 282

Python subprocess execution

SourceSKILL.md
282result = subprocess.run(['osascript', '-e', script], capture_output=True)
medium line 291

Python subprocess execution

SourceSKILL.md
291subprocess.run(['osacompile', '-o', path, '-e', script])
medium line 293

Python subprocess execution

SourceSKILL.md
293return subprocess.run(['osascript', self._cache[script_id]], capture_output=True)
medium line 300

Python subprocess execution

SourceSKILL.md
300subprocess.run(['osascript', '-e', f'tell app "{app}" to set bounds...'])
medium line 301

Python subprocess execution

SourceSKILL.md
301subprocess.run(['osascript', '-e', f'tell app "{app}" to activate'])
medium line 308

Python subprocess execution

SourceSKILL.md
308subprocess.run(['osascript', '-e', script], capture_output=True)
medium line 315

Python subprocess execution

SourceSKILL.md
315result = subprocess.run(['osascript', '-e', script], capture_output=True)
medium line 345

Python subprocess execution

SourceSKILL.md
345subprocess.run(['osascript', '-e', f'tell app "{app}" to activate'])
medium line 104

Access to system keychain/keyring

SourceSKILL.md
104BLOCKED_APPS = ['Keychain Access', '1Password', 'Terminal', 'System Preferences']
medium line 186

Access to system keychain/keyring

SourceSKILL.md
186this.blockedApps = ['Keychain Access', 'Terminal', 'System Preferences'];
medium line 247

Access to system keychain/keyring

SourceSKILL.md
247runner.execute('tell application "Keychain Access" to activate')
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 106
Rate this skill
Categoryoperations
UpdatedMay 21, 2026
openclawbackendit-operationsdevops-srebackend-developertechnical-writerux-designeroperationsdevelopmentcontent mediadesign
majiayu000/claude-skill-registry