drafts-actions

Guides users in creating and scripting custom actions for the Drafts app, enhancing automation and productivity on iOS and macOS.

Install this skill

or

67/100

Security score

The drafts-actions skill was audited on Feb 9, 2026 and we found 9 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 318

Template literal with variable interpolation in command context

SourceSKILL.md

318	var html = `<div>${escapeHtml(draft.content)}</div>`;

medium line 587

Template literal with variable interpolation in command context

SourceSKILL.md

587	`/notes/${draft.title}.txt`,

medium line 740

Template literal with variable interpolation in command context

SourceSKILL.md

740	let numbered = lines.map((line, i) => `${i+1}. ${line}`).join("\n");

medium line 747

Template literal with variable interpolation in command context

SourceSKILL.md

747	app.displayInfoMessage(`Word count: ${words}`);

medium line 765

Template literal with variable interpolation in command context

SourceSKILL.md

765	app.displayInfoMessage(`Processed ${drafts.length} drafts`);

medium line 799

Template literal with variable interpolation in command context

SourceSKILL.md

799	"content": `Translate the following text to English. Only provide the translation, no explanations or additional text:\n\n${originalText}`

low line 483

External URL reference

SourceSKILL.md

483	app.openURL("https://example.com");

low line 536

External URL reference

SourceSKILL.md

536	"url": "https://api.example.com/data",

low line 788

External URL reference

SourceSKILL.md

788	const endpoint = "https://api.anthropic.com/v1/messages";

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorymarketing

UpdatedMay 21, 2026

openclaw api content-marketer growth-marketer product-manager ux-designer technical-writer marketing product design content media

majiayu000/claude-skill-registry